marct, you are correct. This was DDoS (Distributed Denial of Service) attack. If I remember correctly couple months ago there was info that US military established some kind of cyberroom protection command. I hope that NATO transformation command will keep eye on this issue. I thought yesterday morning that it's just internet that is not working, my gsm is ok. Then I remebered that 1 or 2 years ago there was mobile phone virus attack during Helsinki sports competition. 1 criminal just launched signal that spred like virus among people that had internet connection in their phones. This is the way we are going now. You don't have to bomb your enemy's infrastructure to influence his will. Maybe I'm underestimateing people and in the end we all like to live like Tyler dremt in "Fight Club", we all need just pair of leather pants to walk in this life :)

PS. Estonian ambassador left Moscow. This was just postive move by Estonia to help Russian elite to save their face after EU and NATO told them back off. You just can't tell kids, "Hey, this is enough. Go home!" Instead they said "Good job. You accomplished your mission!" Interesting is also this that Russian Duma delegation that visited Estonia were satisfied wiht things they saw in Estonia (statue was ok, police acted according to law etc). They couldn't say this after arriving to Moscow on Tuesday. Thay said this only after Kremlin told youth movements "Go home." on Thursday afternoon.

Here is BBC story about Nashi with Surkov's comment.

"But of course we contact and support those who support us."
http://news.bbc.co.uk/2/hi/europe/6624549.stm

Thanks for the detailed post, Kaur !


A good case in point is the script kiddies cyber attack - am I right in assuming it was a Denial Of Service (DOS) attack? If so, the scripts for that type of attack are readily available to any 10 year old - you don't even have to go to the dark net to get them . The question now is how are the service providers (and government) responding? What sort of IO campaign is Estonia going to put together for the international community? What sort of help are they asking for from NATO and the EU?

Hi Marc ! I translated the questionable link from last night and pasted it on the post. Sorry 'bout that ! You know, there are approx. 15,000 Estonians in Canada. Would it be fair to say you don't know any of them ? :eek:

Anyway, my 2 cents:

The Ministry gurus and some local providers commented that DDoS attacks are very easy to employ, but not that easy to nail down. The perpetrators often find links to regenerate disruptions and these are taken out or blocked one at a time. Most of our Ministry servers have merely created blanket blocking of outside connections until such time as they can get a handle on the disruptions. Last night, I couldn't get the SWJ site back, but most of the Estonian sites came up quickly.

We would all like to think that recent US and NATO grievances were key to halting disturbances in front of Estonia's Embassy in Moscow and I think Kaur hit it on the head, we can't simply slap them without a means of saving face. Sounds very African or tribal, but that always seems to be the case. Ambassador Kaljulaid's departure allowed them that face saving and gave them a way out. Well, that's what they say :wry:

The Rossiya Molodaya (Young Russia) youth movement said the departure of the Estonian ambassador from Moscow was a "significant victory." (http://www.baltictimes.com/news/articles/17819/)


The only hint of a positive development in recent days came on May 3 when the pro-Kremlin youth groups, whose members had been blockading the Estonian embassy in Moscow, ended their seige, citing the reason that Estonian ambassador Marina Kaljulaid had left the country.

With the exception of the Prime Minister calling on the EU to speak, I don't know that Estonia openly asked for much assistance. The calls from NATO and the USA to Estonia's President and Prime Minister expressing support were key. The other former east bloc countries certainly played a role, but they don't have the 'bang' like NATO, the US Senate and Canada's Parliament.

Regards, Stan

An inside man no less. Can't the Kremlin surf Google anymore ?
(http://www.smh.com.au/news/TECHNOLOGY/Estonian-hold-suspect-over-cyberattacks/2007/05/06/1178390108792.html)

Police arrested Saturday a 19-year-old Tallinn resident who is suspected of involvement in a wave of attacks against Estonian computer servers.

"The criminal police have detained the first person who stands accused in involvement in the recent cyber-attacks against Estonian servers," Kristiina Herodes, spokeswoman for the Estonian prosecutor's office, told AFP.

"Dmitri was posting on Internet forums calls to organise mass attacks against Estonian servers, called the DdoS attacks," Herodes said.

"He collected addresses of crucial Internet sites in Estonia and passed them in various Internet forums, instructing users to attack servers in Estonia," she said.

"Dmitri is the first person detained, but the investigation continues, as many of the attacks came from abroad, including from Russia," she said.

Many government web sites in Estonia have been forced to shut down during the past week because of the attacks.

Well, Dmitri was not so innocent afterall :wry: (http://www.delfi.ee/news/paevauudised/estoniareports/article.php?id=15856367)


Dmitri, a 19-year old resident of Tallinn and a student of higher technical education, was taken into custody today by the Central Criminal Police in connection with the recent cyber attacks against Estonia.

Dmitri is suspected of computer sabotage and of damaging connections to the computer network (Penal Code §206 and § 207). He actively participated on various Internet forums helping to organise cyber attacks, announced the spokesperson of the Public Prosecutor’s Office.

Dmitri independently volunteered and supervised other forum users in organizing the so-called DDoS attacks against several Estonian servers. As an Estonian resident, Dmitri had a good overview of the local Internet landscape and had the know-how for choosing targets. He instigated attacks against the web pages of local authorities as well as various political parties.

Hi Stan,

Okay, I'll bite - can we get more information on him? Seriously, this is ringing off all sorts of pattern recognition bells in my mind. In particular, what forums was he posting on and who else goes there. Is this a parallel to how AQ recruits?

Marc

Hmmm, anyone wondering what Putin woke up to this morning on his server :cool:

The Estonian National Anthem has reportedly been 'cybered into' several Russian servers. Upon launching the site (I just tried it here) (http://www.web-dozor.ru/), the Estonian's famous sinimustvalge begins :eek:

Along with the nice music pops the Estonian flag with this underneath:




Estonia forever!


маскальским и сибирским л0хам превед из Таллина!


Unfortunately, Estonia's IT experts feel the three sites are the work of the Russian youth and not patriotic Estonians. The links have been up too long and the Windows version used is Russian.

Hi Stan,

Okay, I'll bite - can we get more information on him? Seriously, this is ringing off all sorts of pattern recognition bells in my mind. In particular, what forums was he posting on and who else goes there. Is this a parallel to how AQ recruits?

Marc

I have no idea if this is how the AQ recruits. Estonian LE are calling him a criminal and little more. This is about all I could find from various info sources and the translations were 'quick and dirty' :D


Summation:
The attacks entailed a broad array of techniques, which started with mere spamming posts to later well-coordinated DDoS attacks against the government’s IT systems. The cyber attacks were coordinated in Russian over the internet from computer networks and servers in Russia. Detailed instructions on how to act included topics about the nature and execution of attacks, as well as information about potential targets and attack timing.

Very basic instructions were disseminated on websites, in forums, and in chat spaces, precluding the user’s need for any knowledge or skills. The first attack took place on 27 April following the first night of rioting and was fairly simple. The portrait of the Prime Minister was defaced on the home page of the Reform Party (the PM with Hitler’s mustache) and initial DDoS attacks against Estonian government organizations. Some were successful, but normal operations were quickly restored.

Dmitri’s Role:
On the 28th however, serious attacks were being urged to forum members living in Estonia against Estonian web pages from addresses http://2ch.ru and http://forum.xaker.ru. Discussions were also taking place about how to finance the rental of server farms and botnets for a massive attack - A Trojan Horse application - needed to hijack computers. More than 1,500 users logged onto their chat lines and awaited instructions from the botnet. It is widely believed that, a Russian criminal gang rented the botnet in order to launch these attacks against Estonia.

Simultaneous orders to attack were being disseminated via the internet. Although the vast majority were primitive, they were effective for the purposes of creating chaos and confusion. The attacks were also discussed and coordinated in IRC environments. Consequently, there was a large incremental increase in spontaneous attacks carried out by individuals. On the 30th a number of very complex and sophisticated attacks were launched.

The attackers were able to dedicate substantial resources indicative of a well organized and financed enemy. By this time, the Estonian authorities had blocked the majority of internet traffic from ‘dot RU’ IP address extensions, as well as from many other foreign IPs. Somewhat later in the day the brunt of the attack shifted to the DNS system. Now seemingly human-friendly website names were utilized with the obvious intent of putting the entire DNS system out of commission, and cripple Estonia’s internet.

During the first week of May, some of these attacks were able to achieve temporary success against telecommunications companies providing internet services and Estonian media publications. The attackers covered their tracks by using global bot networks (not all located in Russia), proxy servers in third countries, and by distorting their IP addresses.

At least they're seeking help !


Estonia to discuss cyber-attacks with NATO, EU (http://www.eubusiness.com/news_live/1178888425.73)


Estonia is to raise the issue of how to handle cyber-attacks against state computer systems in meetings with partner member states of the NATO military alliance and European Union, officials said Friday.

"If the ports of a NATO member country are under attack, it is considered an attack against the whole of NATO, and the military alliance comes to help," Defence Minister Jaak Aaviksoo said.

Regards, Stan

"Last Friday, we hoped it was all over but the new massive attack against one of the biggest banks on Tuesday showed we were too optimistic.

"Cyber-attacks (www.smh.com.au/news/Technology/Estonia-urges-firm-EU-NATO-response-to-new-form-of-warfarecyberattacks/2007/05/16/1178995207414.html#) also have been launched against banks, newspapers, schools and many other institutions".

Estonia's second-biggest bank, Swedish-owned SEB Eesti Uhispank, was forced Tuesday to block access from abroad to its online banking service after it came under "massive cyber-attack".

Nato has dispatched some of its top cyber-terrorism experts to Tallinn to investigate and to help the Estonians beef up their electronic defences.
"This is an operational security issue, something we're taking very seriously," said an official at Nato headquarters in Brussels. "It goes to the heart of the alliance's modus operandi."

http://www.guardian.co.uk/russia/article/0,,2081438,00.html

Hi Kaur,

Excellent article, thanks for the link.

Based on what has been posted in this thread so far, I wold hazard a guess that this started as an opportunistic attack with the political-symbolic environment being manipulated by the Russians. The Russian State gets plausible deniability and, at the same time, the types of attacks they want - i.e. "non-warfare".

There are some things I want to think through on how this operates but, my current thinking is that this is a form of symbolic warfare that will bite the Russians later one.

Marc

Hi Kaur,

Excellent article, thanks for the link.

Based on what has been posted in this thread so far, I wold hazard a guess that this started as an opportunistic attack with the political-symbolic environment being manipulated by the Russians. The Russian State gets plausible deniability and, at the same time, the types of attacks they want - i.e. "non-warfare".

There are some things I want to think through on how this operates but, my current thinking is that this is a form of symbolic warfare that will bite the Russians later one.

Marc

Hi Marc !
I'll let Kaur answer from his own perspective, but what the Estonian Govt. and LE are saying, this was well planned, executed and financed.

Dmitri is not talking, but based on his 'student' status and relative lack of money, he was living extremely well.


Experts from Nato member states and from the alliance's NCSA unit - "Nato's first line of defence against cyber-terrorism", set up five years ago - were meeting in Seattle in the US when the crisis erupted. A couple of them were rushed to Tallinn.

Another Nato official familiar with the experts' work said it was easy for them, with other organisations and internet providers, to track, trace, and identify the attackers.

That said, NATO may be a touch concerned. Me Thinks !

BBC's 'Have Your Say (http://newsforums.bbc.co.uk/nol/thread.jspa?threadID=6362&&&&edition=2&ttl=20070517200920)' wants to know :confused:


Are you in Estonia? Do you think that Russia is responsible for the attacks? How well protected are state websites against this form of harassment?

I'd like to use word virtual swarming to describe the activity of opponents that are attacking Estonian servers. At first it looked like volunteer internet riot. Word was spread in internet forums to attack Estonian servers. For people without special knowledge, there were given special instructions how to do this. They did this as volunteers and binding force was the idea that there was huge insult against Russian soul by Estonian government. They attacked from every direction. The sites that were attacked were first not so important. At present they are useing same method, but calibre of their weapon is much bigger (number of hijacked computers is very big). How have they acquired this, it is interesting to know. It is hard to belive that the number of volunteers has grown because it seems that situation is at least here is calm (Estonian ambassador is also back in Russia again and Russian media is quiet) and momentum is gone. Who has such capacity to attack so intensely? Now they are targeting important targets, Estonian banks. e-banking is very popular here, so people are really pissed off.

Here is BBC story "Estonia hit by 'Moscow cyber war'

http://news.bbc.co.uk/2/hi/europe/6665145.stm

It seems that opponent has red this book http://en.wikipedia.org/wiki/Unrestricted_Warfare

"A Kremlin spokesman on May 17 refuted allegations of Moscow's involvement (http://www.baltictimes.com/news/articles/17908/) in the recent large-scale cyber attacks on Estonia’s government and private-sector websites that have been continuing since late April.

Deputy press secretary of the Russian president Dmitry Peskov said Russia can in no way be involved in cyber-terrorism and all claims to the contrary are an absolute lie, BBC Russian Service reported.

The official website of the Russian president is the target of hundreds of attacks every day, Peskov countered, and IP addresses of the computers from which they come implicate many countries in all parts of the world."

Meanwhile, Estonia’s national security police have said that the nation’s Constitution Party, which ran but did not win any seats in the March parliamentary elections, is managed and financed by the Russian authorities (http://www.baltictimes.com/news/articles/17909/)

19 May Washington Times - Cyber Assaults on Estonia Typify a New Battle Tactic (http://www.washingtonpost.com/wp-dyn/content/article/2007/05/18/AR2007051802122.html) by Peter Finn.


This small Baltic country, one of the most wired societies in Europe, has been subject in recent weeks to massive and coordinated cyber attacks on Web sites of the government, banks, telecommunications companies, Internet service providers and news organizations, according to Estonian and foreign officials here.

Computer security specialists here call it an unprecedented assault on the public and private electronic infrastructure of a state. They say it is originating in Russia, which is angry over Estonia's recent relocation of a Soviet war memorial. Russian officials deny any government involvement

The NATO alliance and the European Union have rushed information technology specialists to Estonia to observe and assist during the attacks, which have disrupted government e-mail and led financial institutions to shut down online banking...

Estonian embassy's attackers' modus operandi.


Some 15,000 volunteers donned red jackets, with putin's communicators emblazoned on the back, and spread out across Moscow distributing brochures and 10,000 specially made SIM cards for mobile phones. The cards allowed users to send text messages to the Kremlin—to be answered promptly by Nashi volunteers. Recipients were also instructed to use the cards to report any signs of an incipient Orange revolution. In that event, the cards would instantly relay text-message instructions on what to do and where to rally. "We explained to Muscovites that we should all be prepared for the pro-Western revolution, funded by America," says Nashi activist Tatyana Matiash, 22. "People must know what to do to save their motherland in case their radio and TV stop working."

I'd like to speculate that this is the way to disperse cyber attach methods against enemy via internet among memebers and symphatizers.


Not to be outdone by Nashi, the Chelyabinsk chapter of the Young Guards recently staged a training session in how to combat a possible Orange revolution in their city. A hundred volunteers with orange bandannas pretended to storm the local television station; Young Guards mobilized to defend it. The day ended with Guards wielding baseball bats to smash up an "Orange" tent camp, much like that erected on Maidan Square in Kiev two years ago.


They are lectured by top bureaucrats and politicians, including Deputy Defense Minister Yury Baluyevsky and the thuggish Chechen President Ramzan Kadyrov—honored as a "Young Politician of the Year" at last year's Nashi congress.

http://www.msnbc.msn.com/id/18753946/site/newsweek/page/2/

The recent attacks on Estonia's internet infrastructure have led to speculation that Estonia may become NATO's cyber warfare test bench. A Defense Ministry (http://www.kmin.ee)IT expert said plans for establishing a NATO cyber defense center in Estonia had existed for over a year and suggested that recent attacks should be considered cyber terrorism. "They should be clearly designated as such because they were instigated by political propaganda which is how terrorist groups find new members." There are plans to begin training Estonian cyber sleuths by the end of 2007.

22 May Washington Post commentary - For Estonia and NATO, A New Kind of War (http://www.washingtonpost.com/wp-dyn/content/article/2007/05/21/AR2007052101436.html) by Anne Applebaum.


And now for a quick quiz: A European country -- a member in good standing of NATO and the European Union -- has recently suffered multiple attacks on its institutions. Can you (a) name the country, (b) describe the attacks and (c) explain what NATO is doing in response?

If you can't, don't worry: NATO itself doesn't quite know what it is doing about the attacks, despite the alliance's treaty, which declares that an armed attack on one of its members is "an attack against them all." The country is Estonia -- a very small, very recent member of NATO; the attacks are taking place in cyberspace; and while the perpetrators aren't exactly unknown, their identities can't be proved either...

"Web Sites Under Attack in a Murky War"


Estonia has created a stir with its accusations that Kremlin-based hackers targeted government web sites. But it is not alone in grappling with cyber attacks.

Hackers in recent months have targeted outspoken pro-Kremlin youth groups, opposition forces, ultranationalist organizations and media outlets, crashing their web sites with what is known as Distributed Denial of Service, or DDoS, attacks -- the same type of attack that Estonia says was launched against its sites.

http://www.themoscowtimes.com/stories/2007/05/24/003.html

This article is accessible only today, 24.05.2007 :(

From yesterday's Postimees (http://www.postimees.ee/230507/lisad/euro/262260.php):

During a discussion of the forthcoming European Parliament resolution on Estonia, EU Commissioner for External Relations Benita Ferrero-Waldner expressed support for the country.

The EU Commissioner called the blockade of the Estonian embassy in Moscow and also the cyber-attacks on the servers of Estonia’s state institutions “unacceptable”, the EC’s press service said.

According to Ferrero-Waldner, there have been no violations of human rights in Tallinn. and the relocation of the Bronze Soldier statue was done with due consideration for all of Estonia’s obligations.

The EU Commissioner said she was aware that the relocation of the statue had become a “sore issue” for Estonia, adding that she regretted the protests in Tallinn had ended in the wrecking of shops and kiosks.

“People have a right to express their views, of course, but not by such means. For example, the blockade of the Estonian embassy in Moscow is unacceptable,” Ferrero-Waldner said.

“I’m concerned about the cyber-attacks on Estonia. We have voiced our concerns to Russia, and will do so in future,” the EU Commissioner added.

According to her, the EU will continue to follow what happens in the sphere of trade between Estonia and Russia.

On Thursday the European Parliament is planning to adopt a resolution on Estonia.

Column from last Economist "Cyberwarfare update."


Called a “distributed denial of service” (DDOS) attack, this at its peak involved more than 1m computers, creating traffic equivalent to 5,000 clicks per second on some targets. Some parts were highly co-ordinated—stopping precisely at midnight, for example. Frank Cilluffo, an expert formerly at the White House, says that the attack's signature suggests that more than one group was at work, with small-time hackers following the initial huge sorties.

http://edwardlucas.blogspot.com/2007/05/cyberwarfare-update.html

In addition, may I ask any of the other members of this board, but is this the first time such a massive cyber attack has been launched by a nation state against another state or are their other examples of this ilk?

Regards

TC2642

TC, My military buds in Norway remind us of the following:


BTW did anyone of you know that Hotmail, Skype, and Kazaa are Estonian inventions. Report to US Congress on Cyberterrorism (http://209.85.135.104/search?q=cache:k6MRh4lckAMJ:www.fas.org/irp/crs/RL32114.pdf+Cyber+Terrorism&hl=no&ct=clnk&cd=10&gl=no)

29 May NY Times - In Estonia, War Fears Turn to Cyberspace (http://www.nytimes.com/2007/05/29/technology/29estonia.html?_r=1&hp&oref=slogin) by Mark Lander and John Markoff.


When Estonian authorities began removing a bronze statue of a World War II-era Soviet soldier from a park in this bustling Baltic seaport last month, they expected violent street protests by Estonians of Russian descent.

They also knew from experience that “if there are fights on the street, there are going to be fights on the Internet,” said Hillar Aarelaid, the director of Estonia’s Computer Emergency Response Team. After all, for people here the Internet is almost as vital as running water; it is used routinely to vote, file their taxes, and, with their cellphones, to shop or pay for parking.

What followed was what some here describe as the first war in cyberspace, a monthlong campaign that has forced Estonian authorities to defend their pint-size Baltic nation from a data flood that they say was set off by orders from Russia or ethnic Russian sources in retaliation for the removal of the statue...

Konstantin Goloskokov (http://www.postimees.ee/290507/esileht/siseuudised/263405.php), Commisaar of the pro Kremilin youth movement and self described Cyber Terrorist said he and a few friends were responsible for one of the attacks against Estonia's internet infrastructure.

In an interview with a Russian newspaper (non-specific), Goloskokov said he had initiated one attack from the separatist Moldovan region of Transnistria and employed botneted computers high jacked in Germany, Hungary and South Korea.

Goloskokov said he could brag abpout his misdeeds because cyber terrorism will not be punished in Transnistria.

To put this in perspective, the most crippling of the Estonian attacks had peak rates averaged over a 24 hour period of about 4 Mpps. 4 Mpps is a very large attack, and while less than 1% of the attacks we see exceed the Mpps mark, these attacks are nothing to ignore, pretty much regardless of who you are or what’s motivating an attacker.

http://asert.arbornetworks.com/2007/05/ddos-de-da-internet-attacks-still-considerable/

http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/

Here is 1 essay about nature of cyber war

http://www.schneier.com/blog/archives/2007/06/cyberwar.html

On Tuesday evening, the Minister of Defence, Mr. Jaak Aaviksoo, met with his Polish counterpart, Mr. Aleksander Szczygło, in Warsaw. The ministers discussed international operations, air policing and cyber defence during a very friendly and open meeting.


After the meeting, the Polish Defence Minister, who rendered unwavering support to Estonia during the disturbances in April and the subsequent cyber attacks, said, “Estonia is the first example of a situation where the threat was real, not imagined.” He continued by saying that, “ we cannot pretend nothing happened, and NATO must take it very seriously.”


Both ministers were of the opinion that the withdrawal of forces from Iraq would be unacceptable in light of the current situation.

More here... (http://www.kmin.ee/?op=news&id=1232)

While it's important to recognize the importance of defending one's cyber-infrastructure, these attacks were basically anything a 15-year-old with a botnet could put together. From where did the 'state-sponsored' ball get rolling?

While it's important to recognize the importance of defending one's cyber-infrastructure, these attacks were basically anything a 15-year-old with a botnet could put together. From where did the 'state-sponsored' ball get rolling?

Hi AFlynn,

This situation was far more than one expected (at least here). While most would agree that anyone with a botnet could put this together, the situation was much more than just a few teens with botnets.

This link in kaur's post above ("http://asert.arbornetworks.com/2007/05/ddos-de-da-internet-attacks-still-considerable/) gets a tad technical, but does a good job of explaining what really took place and to what extent.


Largest attacks we measured: 10 attacks measured at 90 Mbps, lasting upwards of 10 hours. All in all, someone is very, very deliberate in putting the hurt on Estonia, and this kind of thing is only going to get more severe in the coming years.

Links around the net to more information about the attacks:

* Russia accused of unleashing cyberwar to disable Estonia, The Guardian, May 17, 2007.
* Estonian and Russia: A cyber-riot, The Economist, May 10, 2007.
* Massive DDoS attacks target Estonia; Russia accused, Ars Technica, May 14, 2007.
* 9th of May on the F-Secure Weblog. Additional news from them: Update on the Estonian DDoS attacks on April 30, and Unrest in Estonia, published on April 28, 2007.


We’ve seen 128 unique DDoS attacks on Estonian websites in the past two weeks through ATLAS. Of these, 115 were ICMP floods, 4 were TCP SYN floods, and 9 were generic traffic floods. Attacks were not distributed uniformly, with some sites seeing more attacks than others

SECDEF Gates Urges NATO Ministers To Defend Against Cyber Attacks (http://online.wsj.com/article/SB118190166163536578-search.html?KEYWORDS=estonia&COLLECTION=wsjie/6month)


BRUSSELS -- At a meeting of allied defense ministers, U.S. Defense Secretary Robert Gates urged Western nations to begin planning how they would respond to a cyber attack, said a senior defense official. His call to action, issued to his colleagues at a session Thursday, followed an unprecedented cyber assault on Estonia that briefly shut down its electronic banking system earlier this spring.

"but I am sure we will see many more digital skirmishes."

BH Consulting’s Security Watch Blog (http://bhconsulting.blogs365.org/wordpress/?p=101) reports on Botnets - Digital Weapons of Mass Destruction?


What is interesting to note in Estonia’s case is that the Internet itself is their critical infrastructure. Therefore the attackers did not need to target the traditional SCADA systems in order to create havoc to Estonia’s critical infrastructure and its economy.

Despite some claims that these attacks are the first case of Cyber Warfare (http://www.ntu.edu.sg/rsis/publications/Perspective/RSIS0432007.pdf), this is not necessarily the case;

1. The United States has admitted to using Cyber Warfare in the Kosovo conflict
2. China has been accused of concerted attacks against US government systems, otherwise known as Titan Rain (http://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318_pf.html)
3. In 2005 the UK NISCC stated that foreign powers are the main cyber threat to the UK’s critical network infrastructure (http://news.zdnet.co.uk/security/0,1000000189,39237451,00.htm).
4. Regional conflicts such as those between India and Pakistan and the Israeli-Palistinian conflict have also led to online attacks against each other.

Whether or not the attacks were state sponsored or the work of activists, they highlight that Botnets are moving up the food chain from being spam distribution agents and may now be considered Cyber Weapons of Mass Destruction. Will these Botnets become the equivalent of the nuclear deterrent from the Cold War?


Russia 'hired botnets' for Estonia cyber-war (http://www.rte.ie/business/2007/0601/estonia.html)


The Russian authorities have been accused of buying time on illegal botnets to launch a denial-of-service attack against Estonia.

The Asymmetric Threats Contingency Alliance (ATCA) (http://www.mi2g.com/cgi/mi2g/frameset.php?pageid=http%3A//www.mi2g.com/cgi/mi2g/press/281102.php), which comprises arms groups and financial services companies, claims to have uncovered evidence of alleged collusion between Russia and the botnet owners.

ATCA said that the botnets were rented for only a short period to boost the number of attacking computers to over a million.

'In a sign of their financial resources, there is evidence that [Russia] rented time from trans-national criminal syndicates on botnets', it added.

With both eyes open, something else may be seen behind the veiled curtain, pretending to investigate NASHI and Young Guard.


Security Officials Mull over Censorship on the Net (http://www.kommersant.com/p776912/Internet_Censorship_Prosecutor_General/)


Authorities must have a legal control over the Internet “to step efforts to fight with extremism,” Russian Deputy Prosecutor General Ivan Sydoruk said Thursday in yet another piece of criticism from the silovikis of slack oversight of the net. Human rights activities say that any state control over the Internet will create persecuted “cyberdissidents.” IT specialists argue that censorship in the Internet is next to impossible.
“The Internet is often a place for circulating extremist leaning information,” Ivan Sydoruk told a police conference in Rostov-on-Don on Thursday. “We need to work out an effective system to control the data released there in line with law.”

In another recent anti-Internet statement, Federal Security Service Director Nikolay Partushev called for strict control over the net. “There are currently 5,000 web-site run by extremist organizations and movements,” he said on June 5.

From the Moscow Times (http://www.moscowtimes.ru/stories/2007/06/26/017.html) regarding Estonian President Ilves's visit with President Bush in Washington


WASHINGTON -- U.S. President George W. Bush, acknowledging he could stand to "learn a lot" about cyber-security, expressed concern Monday over the high-tech hacking that crippled computer systems in Estonia.

Bush praised Estonia's president, Toomas Hendrik Ilves, for sharing information on how to deal with such security breaches.

Estonia suffered cyber attacks against its government and corporate web sites at the hands of Russian hackers last month, in what it says was retribution in a dispute with Moscow over the relocation of a Red Army statue in downtown Tallinn.

The Russian government has denied involvement.

Bush stayed away from the touchy matter, instead focusing on the lesson of vulnerability for the United States.

"Thank you for your clear understanding of the dangers that imposes not only on your country, but mine and others as well," Bush told Ilves after a meeting at the White House.

Bush praised Estonia for contributing troops to the U.S.-led wars in Iraq and Afghanistan. He briefly noted the latest suicide bombing in Baghdad on Monday, which killed at least 12 people, including a U.S.-allied tribal sheik.

"All the more reason, Mr. President, for us to remain firm and strong as we stand for this young democracy," Bush told Ilves.

Ilves thanked the United States for standing by his country's quest for independence "even in the darkest of times."

A very interesting article regarding Estonia's cyber wars (http://www.earthtimes.org/articles/show/75263.html) and potential to Establish a NATO center for excellence, recently approved by the POTUS and SECDEF Gates.


Tallinn - For a top-secret military base, Estonia's centre for cyber-defence looks remarkably like a genteel university. Chairs stand in neat rows in the classrooms, facing blackboards covered in arcane symbols. Vast orange armchairs ring the common room, and in one corner a coffee machine splutters belligerently.

The scene is as far from any fictional secret bunker as could be imagined, but it is a battlefield nonetheless - and one where Estonia (population 1.34 million) punches well above its weight.

"Today, Estonia is an opinion leader. People are looking for answers to cyber threats, and they have started to ask for our advice; we now have to do a lot of work to move from being an opinion leader to being a leader in the field," Tammet said.

"Cyber Attacks Engulf Kremlin's Critics"


A political battle is raging in Russian cyberspace. Opposition parties and independent media say murky forces have committed vast resources to hacking and crippling their Web sites in attacks similar to those that hit tech-savvy Estonia as the Baltic nation sparred with Russia over a Soviet war memorial.

http://www.washingtonpost.com/wp-dyn/content/article/2007/07/01/AR2007070100009.html

From International Herald Tribune (http://www.iht.com/articles/ap/2007/07/05/europe/EU-GEN-Estonia-Cyber-Attacks.php) and AP:


Estonia's government on Thursday called for an international convention on combatting computer-based attacks like those directed against the Baltic state in late April-early May.

Global ratification of the convention would establish "a strong legal basis to fight cyber crimes," the Economic Affairs Ministry said in a statement.

Signatory countries would cooperate in preventing computer-related crimes and tracking down organizers of cyber attacks.

The Estonian government also approved a number of measures to bolster the country's defenses against such cyber attacks in the future. In the words of Estonian ministers, future attacks "could be directed against the confidentiality of information systems and integrity of data."

The European Union and NATO, of which both Estonia is a member since 2004, expressed their concern about the cyber war waged against the Baltic country.

Apparently Estonia's recent bout with DDoS was a much larger problem than most thought.


LAS VEGAS (http://www.iht.com/articles/ap/2007/08/01/technology/NA-TEC-US-Vegas-Hacker-Convention.php): The threat of online data theft is becoming worse as criminals grow increasingly sophisticated at pilfering information from companies, government agencies and consumers, a former White House security adviser said Wednesday.

Influencing much of the discussion at the Black Hat and Defcon conventions are two major computer attacks this year — a well-coordinated strike on the Baltic state of Estonia that crippled the Web sites of banks, media outlets and government agencies, and a data breach at the parent company of T.J. Maxx and Marshalls stores that exposed at least 45 million credit and debit cards to potential fraud.

Hi Kaur and Stan,

I'm working on a paper right now that is using the cyberwar in Estonia as a case study. I'm having some difficulty finding out which specific sites where attacked and what the exact timeline was. Any information you may have and would be willing to share would be appreciated.

Thanks,
Marc

Hi Kaur and Stan,

I'm working on a paper right now that is using the cyberwar in Estonia as a case study. I'm having some difficulty finding out which specific sites where attacked and what the exact timeline was. Any information you may have and would be willing to share would be appreciated.

Thanks,
Marc

Hey Marc !

The only list I've seen to date is from Arbornetworks (http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/):


Attacks Destination Address or owner
35 “195.80.105.107/32″ www.pol.ee
7 “195.80.106.72/32″ www.riigikogu.ee
36 “195.80.109.158/32″ www.riik.ee, www.peaminister.ee, www.valitsus.ee
2 “195.80.124.53/32″ m53.envir.ee
2 “213.184.49.171/32″ www.sm.ee
6 “213.184.49.194/32″ www.agri.ee
4 “213.184.50.6/32″
35 “213.184.50.69/32″ www.fin.ee
1 “62.65.192.24/32″

Later Estonia's major banks took hits:
www.hansa.ee
www.nordea.ee
www.seb.ee

If you need something more, let me know.
Regards, Stan

Computerworld's (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9028839) recent article from Black Hat: "Estonia attacks an example of online rioting. There are lessons for companies that must deal with large-scale Web attacks."


A series of online attacks that seriously disrupted Web sites belonging to several banking and government organizations in Estonia earlier this year may have been perpetrated by a loosely organized, politically motivated online mob, a security researcher suggested today at the Black Hat 2007 conference.

The attacks hold several lessons about how large-scale Internet attacks can unfold and the responses that may be needed to deal with them, said Gadi Evron, security evangelist for Israel-based Beyond Security. "The use of the Internet to create an online mob has proven itself and will likely receive more attention in the future," following the Estonia attacks, said Evron, who wrote a postmortem report on the incident for the Estonian CERT.

Initial media reports suggested that the denial-of-service (DoS) attacks may have been organized by the Russian government in retaliation for Estonia's decision to move the statue. The reality, however, is that the attacks were carried on by an unknown number of Russian individuals with active support from security-savvy people in the Russian blogosphere, Evron said.

Many Russian-language blogs offered simple and detailed instructions to their readers on how to overload Estonian Web sites using "ping" commands, for instance, Evron said. The bloggers also kept updating their advice as Estonian incident responders started defending against the initial attacks.

TALLINN, Estonia (http://www.iht.com/articles/ap/2007/08/09/europe/EU-GEN-Estonia-Russia.php): Estonia has issued a European arrest warrant for a Russian citizen accused of calling for the overthrow of the Baltic country's government via the Internet.


A 23-year-old Moscow resident identified only as Aleksei was charged with "inciting the violent disruption of Estonian independence" in late April.

Estonian state prosecution spokeswoman Kristiina Herodes said prosecutors were forced to seek the European arrest warrant, after Russian authorities refused assistance in bringing Aleksei to trial in Estonia.

Authorities allege he spread Internet messages on April 28 calling ethnic Russians living in Estonia to join a violent coup d'etat — under the banner of the "Russian Resistance Army" — and topple Estonia's government.

A joint group of Estonian authorities, including security police and Internet experts, were able to track down the man with the help of IP addresses and his home Web page, Herodes said.

Not directly Estonian, but definitely related.


Malware from Russia with Love on Its Way to You

Security vendors think 400 pieces of malware residing on Russian
servers may be headed here as part of a concerted attack. Of course,
just as this attack is sighted, people are talking about ways to render
the firewall useless while others are saying it's time to rethink the whole
firewall concept. And if that's not enough to tie your stomach in knots,
Consumer Reports says cybercrime has cost more than $7 billion over
the past two years.

http://ct.enews.eweek.com/rd/cts?d=186-7674-49-642-1436831-771819-0-0-0-1

The Good, the Bad, the Net Neutrality Detector
http://ct.enews.eweek.com/rd/cts?d=186-7674-49-642-1436831-771822-0-0-0-1

Now Might be a Good Time to Fire Your Firewall
http://ct.enews.eweek.com/rd/cts?d=186-7674-49-642-1436831-772008-0-0-0-1

Survey: Cost of CyberCrime Reaches $7B
http://ct.enews.eweek.com/rd/cts?d=186-7674-49-642-1436831-771828-0-0-0-1

Hey Marc,
In fact, what you posted is indeed Estonia related. I've lost count, but managed to capture some of the IPs for our IT wizards.

The F Secure and Norton anti-virus programs we use indicate the same Russian-based IPs nearly every day, even on my home PC.


Security professionals and analysts said they were not surprised by the figures.

"Recent statistics indicate that one in every 10 Web sites is infected with malware," said Forrester Research analyst Chenxi Wang. "Therefore it is highly likely that an unsuspecting Web consumer—one that does not have adequate protection in place—would encounter a malware hosting Web site browsing the Internet."

Wired magazine writes about cyber attacks.

http://www.wired.com/politics/security/magazine/15-09/ff_estonia
http://blog.wired.com/27bstroke6/2007/08/cyber-war-and-e.html

TALLINN (AFP) (http://afp.google.com/article/ALeqM5ggJMw_iM3XayMUMWtYaKvXETPSVA) — "Tech-savvy Baltic state Estonia is to open an embassy in the Internet fantasy world Second Life, joining the likes of Sweden and the Maldives, the foreign ministry said Friday."


embassy will be located in the Second Life website, that has nearly 10 million registered users and already hosts a virtual site of Sweden," Marten Kokk, deputy chancellor at the ministry, told AFP.

Second Life is a commercial online virtual world in which people -- and animals -- are represented by animated avatars and can do everything from social activities to shopping.

It has pulled in more than 9.2 million users since it was set up in 2003 by San Francisco-based Linden Labs.

Second Life and other virtual worlds are drawing a growing number of shops and companies that use them as a marketing vehicle, and professionals such as architects.

"The virtual embassy will not offer services like visa granting via the Internet, it's technically too complicated," said Kokk.

"But we will include the links to the sites of the foreign ministry where all relevant info for visa applicants and other consular services will be located, as well as a vast list of info about political, economic and cultural life."

The virtual embassy will be launched on November 11, marking the anniversary of the foreign ministry's establishment in 1918 when Estonia became fully independent.

The creation of the embassy will cost around 6,000 euros (8,200 dollars) and the ministry has already purchased some virtual land on Second Life for the project.

Kokk said that despite being a virtual embassy, "very real diplomats behind their desks" would be involved.

With relatively limited resources for its 29 missions around the world, the ministry hopes the virtual embassy will provide information on Estonia to countries where it has no diplomatic representation.

"The virtual embassy of Estonia will also have rooms, where we will arrange press conferences, lectures and exhibitions," Kokk explained.

Estonia, which is among the smallest EU countries with a population of 1.3 million, has been a pioneer of new technologies since it regained its independence from the former Soviet Union in 1991.

In March, it held the world's first parliamentary election in which voters could cast ballots online.

TALLINN - With 'cyber attacks' becoming an increasingly common phenomenon, Estonian lawmakers are considering amendments to the penal code (http://www.baltictimes.com/news/articles/18815/) that would put such online offenses on a par with terrorism.



A computer attack would become an act of terrorism when committed with the same aims as a conventional act of terrorism. Under existing law, crimes of terror are crimes whose goal is to seriously upset or destroy the country's political, constitutional, economic or social order.

Crimes of terrorism are punishable by between 5 years and life (25 years) in jail.

The Estonian Ministry of Justice began drafting the amendments after the cyber attacks that targeted Estonia's government agencies, major banks and newspapers in April and May. The current laws deal with computer crime as something that has personal or financial gain as the final aim, which was not the case with the spring attacks against Estonia's IT infrastructure.

Sentences for other computer-related crimes are already being extended. After the amendments take effect it will be possible to punish hackers with a maximum three years in jail instead of the present one year. For computer fraud and spreading computer viruses caught on a repeat offense or after causing extensive damage the maximum punishment will be five years.

The ministry wishes to add to the penal code an article dealing with the preparation to commit a cyber offense, which would deal with cases when hackers make, use or disseminate a computer network element, program, password or code for the purpose of committing a cyber offense.

The bill is based on the Council of Europe convention against cyber crimes (http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm).

During his D.C.and NY visits, Estonian President Ilves addressed the UN emphasizing the need for a comprehensive cyberspace law.

From the U.N. News Centre (http://www.un.org/apps/news/story.asp?NewsID=23977&Cr=general&Cr1=debate)


“Cyber attacks are a clear example of contemporary asymmetrical threats to security,” he said at the annual high-level debate. “They make it possible to paralyze a society, with limited means, and at a distance. In the future, cyber attacks may in the hands of criminals or terrorists become a considerably more widespread and dangerous weapon than they are at present.”

The President said the threat posed by cyber attacks was often underestimated because they have so far not resulted in the loss of any lives and many attacks are not publicized for security reasons.

He called for cyber crimes to be defined internationally and generally condemned in the way that terrorism or human trafficking is denounced.

“Fighting against cyber warfare is in the interests of us all without exception,” Mr. Ilves said, calling on all countries to accede to the Convention on Cyber Crime of the Council of Europe. The pact is also open for accession to non-members of the Council of Europe.

The President welcomed the launch of the Global Cybersecurity Agenda of the International Telecommunication Union (ITU), and said the UN should serve as the “neutral and legitimate forum” for the eventual creation of a globally negotiated and comprehensive law of cyberspace.

Countries must, however, do more than recognize cyberspace as a new battleground. They also need to know when and how they can deploy weapons. What are the rules of cyberwar?

For more than a century, nations have devised rules of international law, such as the Geneva Convention, which seek to avoid war or minimize human suffering when conflicts occur. And as new technologies emerge, nations have weighed whether to draft new rules, such as treaties restricting biological, chemical and laser weapons.

http://www.latimes.com/news/printedition/opinion/la-oe-hollis8oct08,0,4017619.story?coll=la-news-comment

The first attacks coincided with the removal of a bronze statue of a World-War II era Soviet soldier from the town square in the capital city of Tallin. Estonia blamed the computer attacks on the Russian government.


The “worldwide community helped to protect them” and contain the situation, Ritchey says. The Defense Department sent a team of officials from DHS, FBI and the Secret Service to assist, says Dixson. The team is still analyzing the vast amount of information and will “try to learn something from this.”

http://www.nationaldefensemagazine.org/issues/2007/October/CyberAttacks.htm

Speaking to ZDNet (http://news.zdnet.co.uk/security/0,1000000189,39290289,00.htm) at the RSA Conference Europe 2007 in London, Mikhel Tammet, director of the Estonian communication and information technology department, said he believes forces within the Russian government may have initiated and sponsored attacks against his country's critical national infrastructure earlier this year.


Tammet added that, while it was not possible to put a face to the attackers nor to prove any direct connection to the Russian authorities, all previous attacks with a political aim emanating from Russia had their roots in government action.

"It's been that way in Russia for centuries," said Tammet. "The attack was 50 percent emotions, 50 percent something else, but we can't define what that something is. There was an organisation behind it, but we can't [definitively] say if it's the government or criminals, or both."

From Defense World (http://www.defenseworld.net/Defense-News.asp/var/10811-9) and the Estonian Embassy (http://www.estemb.org/news/aid-897) in DC:


The United States of America has expressed its intention to participate in the work of the proposed NATO Centre of Excellence on Cooperative Cyber Defence, to be established in Estonia.

The Deputy Undersecretary of the US Navy, Marshall Billingslea, informed the Ministry of Defence of the Republic of Estonia in a letter that the USA considers it important to work with Estonia on cyber issues. Marshall Billingslea's letter stated that the US Navy would send one of its top cyber defence experts to the NATO Centre of Excellence on Cooperative Cyber Defence in Estonia. Marshall Billingslea also mentioned that he was exceedingly pleased to tell that the Department of the Navy would like to work with Estonia on cyber issues.

In the view of the Minister of Defence of the Republic of Estonia, Mr. Jaak Aaviksoo, the only way to combat new security threats such as cyber attacks is through close co-operation. Together with Germany and Spain, which have joined Estonia with the NATO Centre of Excellence on Cooperative Cyber Defence, the support of the USA is not only proof of the strong alliance between our countries but also a crystal clear message of divided threat awareness.

Source: Estonian Ministry of Defence, 10/22/2007

During an 8 November meeting (http://www.kmin.ee/?op=news&id=1350) between Estonian Minister of Defense Jaak Aaviksoo and Swedish Minister of Defense Sten Tolgfors, cooperation between the European Union and NATO, the future and reforms of the NATO Response Forces (NRF) and current military operations were discussed.


The ministers also dealt with issues of cyber security. Both parties stressed that international co-operation, especially between international information security networks, is very important due to the lack of boundaries between networks. A good example of such co-operation is the assistance of Swedish experts in the successful deterring of co-ordinated cyber attacks aimed at Estonia last spring, and the exchange of experiences with Swedish experts for the development of Estonia’s cyber security strategy.

Mr. Aaviksoo also visited the Swedish Emergency Management Agency (SEMA) as part of his visit; one function of SEMA is to co-ordinate the activities of different institutions in the sphere of cyber security.

Source: Estonian Ministry of Foreign Affairs (http://www.egovmonitor.com/node/15587), Published Monday, 5 November, 2007


The United Nations Disarmament and International Security Committee in New York accepted a resolution on Thursday, 1 November, which addresses developments in the fields of information technology and telecommunication in the context of international security.

The resolution expresses concern that the security of states can be compromised by means of information or telecommunication technology.

The European Union Presidency Portugal made a statement upon the approval of the resolution in which they highlighted potential threats to cyber security, which can originate from organized criminals, terrorists, or co-ordinated attacks by individuals influenced by political propaganda.

According to Estonian ambassador to the UN Tiina Intelmann, the Presidency’s speech was largely motivated by the cyber attacks on Estonian government establishment, media and bank web pages in the spring. “What occurred in Estonia could happen to some other nation at any time,” Intelmann noted.

Intelmann added that one possibility for combating malicious or illegal use of information technology would be to declare such actions criminal. “For this, an international legal framework must be created,” said Intelmann.

Intelmann confirmed that both Estonia and the EU have called upon all UN member nations to join the Council of Europe’s Convention on Cybercrime, which came into effect in 2004 and was initiated by Estonia, among other nations.

On the basis of the resolution, a group of government experts will be formed in 2009. The group will be responsible for researching both existing and potential threats to information safety, and to make proposals as to how preventive measures could be taken.

... a reappraisal of the DDoS attacks on Estonia in May this year is used to support this position. In the immediate aftermath of that incident experts reckoned that the attacks were the cumulative effects of uncoordinated action by small groups of nationalists. However, McAfee now suggests in this report that there are signs that the attacks might indeed have been more organised. In the opinion of Ms Yael Shahar, International Institute for Counter-Terrorism, Israel, “The whole sequence of events (in Estonia) looked a lot like the sort of thing a government would do in order to check how much it could get away with.”

http://www.heise-security.co.uk/news/99767


Estonia has comparatively robust cyber defence systems. A similar attack on the UK might have more serious consequences, says the report, commissioned by McAfee.

http://www.computeractive.co.uk/computing/news/2204562/nations-defend-against-cyber-3681820

CYBERSPACE: A NEW SECURITY DIMENSION AT OUR FINGERTIPS

CSIS, 28 NOV 07 (http://www.csis.org/media/csis/events/071128_estonia.pdf), Speaker Jaak Aaviksoo, Estonian MOD


...first of all, I’m Stephen Flanagan, senior vice president here at the Center for Strategic and International Studies. ...we’re delighted to welcome the minister of defense of the Republic of Estonia, Mr. Jaak Aaviksoo, to address us on an important and critical issue confronting not only Western, but global security.

It is imminent I think that the future developments will see conflicts, attacks, if you like wars in this newly born cyberspace.

The imaginary cyberspace has essentially no borders. As it was born, it was global. It was not only global in the sense of having no borders, but it introduced also unparalleled anonymity. As by now little legal – both national as well as international – legislation, and it’s an essentially dimension which requires modest financial means to be visible and present in that space. That basically means that it’s fundamentally asymmetric.

Whether it was cyber war or hactivism, the Estonian incident shows the devastation that a politically motivated network attack can have on government and commercial networks.

How close is World War 3.0? (http://www.cio.com.au/index.php/id;1340236954;pp;1)


...the targets and the inferred motivation were geo-political rather than economic or a simple grudge. That suggests we have turned a corner.


There are only two other known network attacks that were as devastating as the Estonian incident and have been called cyber warfare. One, dubbed [Titan Rain (http://en.wikipedia.org/wiki/Titan_Rain)] by the U.S. government, took place in 2003 and involved Chinese military attacks on networks run by Lockheed Martin, Sandia National Laboratories, Redstone Arsenal and NASA. The other incident, which the U.S. government refers to as [Moonlight Maze (http://en.wikipedia.org/wiki/Moonlight_Maze)], occurred in 1999 and involved Russian attacks on classified military information.

Lessons learned from Estonia

The packet floods used in the Estonian DoS attacks were not new. What was unusual about these attacks was the duration and the disruption they caused, experts say.

"The size and scale of these attacks in terms of the bandwidth and packets per second is in the middle in terms of what we have seen for these kinds of attacks," Nazario says. "But they lasted for weeks, not hours or days, which is much longer than we've seen for most of these attacks in the past."



...what's important for U.S. companies to learn about the Estonian incident is how much damage a small number of people with resources can do.

Sidebar: Five things Estonia did right in battling hacktivism

Here's what worked in Estonia to battle the [recent denial-of-service attacks (http://www.networkworld.com/news/2007/070307-after-attacks-us-government-sending.html)]:

1. Admitting what's going on. The Estonian government didn't deny or try to hide the attacks. Because the attacks were globally sourced, ISPs that provide transit to Estonia could see that something was wrong. The Estonian government was wise not to try to deny the attack as a sign of weakness or cover it up as an embarrassment.

2. Asking for help. The Estonian Computer Emergency Response Team reached out to its peers in the North Atlantic Treaty Organization (NATO) and the service provider community to help it stop the flood of traffic before it hit their networks.

3. Rapid response. Experts converged upon Estonia to assist government officials and network service providers with attack analysis so they could start blocking traffic farther upstream.

4. ISP cooperation. Service providers worked together to help mitigate the attacks. Using such forums as the North American Network Operators' Group, ISPs have existing relationships that are useful when [denial-of-service (http://www.networkworld.com/details/670.html)] and other attacks occur.

5. State-of-the-art network-filtering techniques. [Vendors (http://www.networkworld.com/topics/vendornews.html)] including Arbor Networks and [Cisco (http://www.networkworld.com/subnets/cisco/)] deployed high-speed gear to filter out selective types of traffic at line rates to minimize the DoS attacks. This gear helped keep targeted Web sites running.

While many consider the three week attack on Estonia a non-event, others point to it as a sign of things to come.

http://www.defensetech.org/archives/003903.html#comments

Good point, Kaur !

I think the Kyrgyz Republic generally knows who hacked their election web site. With over a million Russian troops and Russian control over most of the mass media, this appears to have been an opportune time to take a jab at Estonia and stymie Kyrgyzstan’s election process.

Nice link !

Looking forward to having some brews together this week :p M1 from Sweden may even join us !
Regards, Stan

Just ask the hackers... (http://www.tol.cz/look/TOL/article.tpl?IdLanguage=1&IdPublication=4&NrIssue=248&NrSection=3&NrArticle=19241)

Estonia is getting a reputation for being security savvy.


Not content with being the plucky underdog that punches above its weight, Estonia has been committed for several years to nurturing state-of-the-art online technologies that are used in politics, banking, security, and other sectors.

“Cyber-security is a new measure of security, which must be actively engaged in both on the domestic and international level,” Ansip said in Washington.

So highly regarded is Estonia’s online technology and security savvy that NATO’s new cyber-warfare center will be based there.

So strong now is Estonia’s reputation in the field that some countries already are trying to poach leading figures in cyber-security development. Hillar Aarelaid, head of the national CERT program, said he has received several lures from overseas, including an “exotic” bid from Singapore.

I actually wrote an article awhile back about cyber-super-powers. The Canary Islands and other high level banking and financial locations were ripe to become power houses of computer security. And the likely targets. The supposition in the article was that being a fortress was not power. The follow on thesis was when these little tiny countries start projecting that power and using it to decide who gets what or gets done by what. Now that is real power. A friend reading the article said I had come up with the Soup Nazi (Seinfield reference) Theory of cyber warfare.

Hey Sam !


I actually wrote an article awhile back about cyber-super-powers. The Canary Islands and other high level banking and financial locations were ripe to become power houses of computer security. And the likely targets. The supposition in the article was that being a fortress was not power. The follow on thesis was when these little tiny countries start projecting that power and using it to decide who gets what or gets done by what. Now that is real power. A friend reading the article said I had come up with the Soup Nazi (Seinfield reference) Theory of cyber warfare.

I've been spending too much time at your blog reading about biker chicks (ahem) bikers :eek: and didn't see the posts on cyber superpowers :o

During my recent trip to Tenerife there were some Estonian IT guys at our hotel, and I recall one morning hearing them talk about the relatively stone-age state of IT in the Canaries.

Would you shoot me the link to your article please ?

Regards, Stan

Hey Sam !



I've been spending too much time at your blog reading about biker chicks (ahem) bikers :eek: and didn't see the posts on cyber superpowers :o

During my recent trip to Tenerife there were some Estonian IT guys at our hotel, and I recall one morning hearing them talk about the relatively stone-age state of IT in the Canaries.

Would you shoot me the link to your article please ?

Regards, Stan

Let me see if I can find it. I'll post it here or on my BLOG....

Austin Bay has an interesting article at RCP which uses the Estonian Cyberwar as a case study.

http://www.realclearpolitics.com/articles/2008/01/war_or_crime_in_cyberspace.html

Birmingham InfraGard June 2007 (http://www.birmingham-infragard.org/meetings/talks/presentations/Estonian.DDOS.pdf)


NashiHackers
Konstantin Goloskov, a Nashiactivist, told the Rosbaltnews agency on May 2 that he personally took part in cyber-attacks on Estonian websites. But he denied that Moscow state offices were used. The hacking, he said, was done from the breakaway Moldovan region of Transdniester.

How to respond?
"There is a discussion over how cyber aggression should fit into current law and whether a conventional attack would be suitable retaliation”
(Johannes Ullrich, chief technology officer at the SANS Institute) quoted in the Wall Street Journal.

Putin on Estonia
The May 25th Moscow Times explains Putin’s thoughts on Estonia
–Estonians betrayed his father’s NKVD sabatogeunit to the Germans. (24 of the 28 were captured, his father escaped, being carried across a frozen river, badly injured, under German fire)

–The Soviets explained in 1989 to the Estonians that the Molotov-Ribbentrop pact of 1939 did not reflect current Soviet policy. “Do you think we must do this every year?”he asked an Estonian reporter, mocking her Russian accent.
–The article makes it clear that Putinsees the removal of the statue as an insult to his father and other Russians who fought the Nazis in Estonia.

Youth organizations familiar with Cyber War tactics
•pro-Kremlin groups, such as Nashi, Young Russia, and Mestniye, and ultranationalist youth organizations, like The Other Russia and Movement Against Illegal Immigration have all had their websites attacked in the past few months.
•Alexander Kalugin, a spokesman for Young Russia, said his group was DDOSedfor six hours in March, saying the attack was by Estonians angered at their protests.
•His group burned Estonian banners and trampled an effigy of the Estonian president, which led to the cyber retaliation.

An interesting and very detailed recap. 31 page pdf at the link.

Here is article called "Nationality: Cyber-Russian" that may very well explain the human terrain in cyber space variable and cyber war against Estonia.

http://eng.globalaffairs.ru/numbers/9/716.html

4 Suspects Go on Trial Over Riots in Estonia (http://www.moscowtimes.ru/stories/2008/01/15/016.html)


Estonian news providers reported renewed disruption to their services over the weekend before the opening of the trial.

Estonia's computer emergency response team said the Friday incident was a denial of service attack from machines around the world.

The suspects are Dmitry Linter, Maxim Reva, Dmitry Klensky and Mark Sirik. They pleaded not guilty.

The charges said the first three were leaders of a Russian activist group in Estonia, Night Watch, while the fourth is head of the Estonian chapter of the pro-Kremlin youth group Nashi.

The unrest in April coincided with attacks on Estonian web sites, some of which the authorities said they traced to Russian government servers. Russia has denied any involvement.

Prosecutors say the rioting was planned well in advance and was not a spontaneous reaction to the memorial's removal. They say the defendants began plotting in mid-2006, when the government first discussed the memorial. Prosecutors also accuse the Russian government of providing them with financial support, a charge that Russian authorities have denied.

A cyber conflict differs greatly from what we typically associate with a war. There are no bombs bursting or gun fire. It is a silent conflict that is hard to notice until you try an electronic transaction. When we evaluate the progress of a war today we measure death and physical destruction. While there can be minor physical destruction in a cyber war, the political economic and financial implications are the primary measures of success.

http://www.defensetech.org/archives/003961.html#comments

20-year-old ethnic Russian student Dmitri Galushkevich, has been fined for participating in last year's cyberattack against Estonian Web sites (http://www.pcworld.com/article/id,141730-page,1/article.html).


Dmitri Galushkevich used his home PC to launched a denial-of-service attack that knocked down the Web site for the political party of Estonia's prime minister for several days, said Gerrit Maesalu, spokesman for the Northeast District Prosecutor's Office in Tallinn...Galushkevich must pay 17,500 kroons (US$1,642).

"He [Galushkevich] wanted to show that he was against the removal of this bronze statue," Maesalu. "At the moment, we don't have any other suspects."

'We Traced the Cyberwar (http://blog.wired.com/27bstroke6/2008/01/we-traced-the-c.html) -- It's Coming From Inside the Country!'


You'll recall that Estonia blamed the Russian government for last spring's DDoS attacks, and even considered invoking NATO Article 5 to marshal a multinational military counter attack against Russia -- a perfectly reasonable response to a bunch of websites being overloaded with unwanted traffic. Wired magazine sent a reporter to Russia to try and track down the culprits, but Vladimir Putin's ruthless cyber brigade proved elusive.

And so it comes as quite a shock to THREAT LEVEL to learn that the attacker convicted today isn't a member of the Russian military, nor is he an embittered cyber warrior in Putin's secret service. He doesn't even live in Russia. He's an ethnic Russian who lives in Estonia, who was pissed off over that whole statue thing.

The fact it was a student and a low level student at that. The fact it was a non-state actor is central to a theme that I'm kicking around.

Here are a few links.

Why States Need an International Law for Information Operations (http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1083889).

CIA Admits Cyberattacks Blacked Out Cities (http://www.informationweek.com/news/showArticle.jhtml?articleID=205901631).

E-war rules of engagement (http://www.latimes.com/news/opinion/la-oe-hollis8oct08,0,5897172.story?coll=la-opinion-rightrail).

Computer Crime Research Center (http://www.crime-research.org/news/03.13.2008/3248/)


STRASBOURG, France (Reuters) - Estonia called on the European Union on Wednesday to make cyber attacks a criminal offense to stop Internet users from freezing public and private Web sites for political revenge.

Estonian President Toomas Hendrik Ilves said he believed the Russian government was behind an online attack on Estonia over its decision to move a Red Army monument from a square in the capital Tallin. Russia has denied any involvement.

"Russian officials boasted about having done it (cyber attacks) afterwards -- one in a recent interview a month and a half ago saying we can do much more damage if we wanted to," he told Reuters in an interview.

"We now have a much clearer understanding that we need to have a legislative basis for prosecuting cyber crime because it is a crime," Ilves said.

"That is something we are pushing for within the European Union and within NATO as well, where we can. It's almost by definition a cross-border crime," Ilves added.

"The UK has good legislation and the United States has good legislation. France has better than most and the rest of the EU does not really have this kind of legislation," Ilves said.

Specifically, Mr. Scheunemann said Mr. McCain was referring to an alleged Russian-led cyber attack on Estonia earlier this month, when Estonian government and private Web sites were frozen in response to a decision to remove a monument to the Red Army in the Estonian capital, Tallin. Estonia's president, Toomas Hendrik Ilves, on March 12 asked the European Union to make cyber attacks a class of crimes in response to what he said was Russia's retaliation for removing the Red Army monument.

http://www2.nysun.com/article/73750?page_no=2

Bobbie Johnson, technology correspondent
The Guardian, Monday April 7 2008 (http://www.guardian.co.uk/technology/2008/apr/07/hitechcrime.internet)


Estonia is bracing itself for a repeat of the internet attacks which nearly brought its government to a halt last year, the Guardian has learned.

With the anniversary of the attacks looming, senior officials are preparing for a repeat performance. One official said there had been many smaller attempts to hack into government systems during the last 12 months but they were not as organised or successful as last year's attacks.

A 20-year-old Estonian, Dmitri Galushkevich, has been arrested in relation to those attacks and was fined £880. But Estonian sources say the strikes originated largely from across the country's eastern border.

Those attacks prompted speculation that computer hacking was being widely used as a weapon, not just espionage. Such feelings were compounded when it emerged that another group of organised hackers - known by investigators as Titan Rain and believed to operate from inside China - had launched a series of strikes against western governments.

Apr 09, 2008
In cooperation with NATO (http://www.baltictimes.com/news/articles/20180/)


After last April saw the removal of a Soviet memorial in Tallinn, and the subsequent protests and cyber attacks that ensued, Estonia is ready for a repeat.

Last month Suleyman Anil, NATO’s computer incident response center head, stated that: "We have seen more of these attacks and we don't think this problem will disappear soon. Unless globally supported measures are taken, it can become a global problem,"

The attacks last year nearly brought the government to a halt and public services were severely immobilized.

Experts believe that despite an arrest made last year of an Estonian-Russian, the attacks originate from across the border in Russia.

At the NATO summit in Bucharest last week, plans for cyber defense in Estonia were discussed as well as plans for a permanent defense center.

Estonia is one of the cyber leaders of Europe, holding its first online election in 2005.

TALLINN- (http://www.baltictimes.com/news/articles/20391/) Days before the May 9th Russian Victory Day celebrations, members of the 10th parliament of Estonia were hit with a flurry of cyber attacks from Russia.


Marko Mihkelson, a member of the Estonian Parliament from the Pro Patria and Res Publica faction, said members of the previous Estonian parliament fell victime to the attacks on Sunday.

"E-mail messages with the .ru domain name speak to us about the Bronze Soldier, Victory Day, Estonia's "pro-fascism" and other well-known repertory. A set of e-mail addresses of the members of our 10th parliament is widely circulating in the Russian cyberspace, and so it is not very difficult to launch such an attack," Mihkelson wrote in his blog.

He said that contrary to last year's spam attacks, when the contents of the e-mails were largely the same, Sunday's texts were different although with the same undertone. "The next days until May 9 will show whether we have to do with some kind of a wider action or the effort gradually peters out," Mihkelson said.

Dozens of members of parliament mainly from the Reform Party and the conservative Pro Patria and Res Publica Union received such e-mails during last year's April disturbances and a few months earlier, after the parliament passed an act on prohibited structures.

For ethnic Estonians the monument symbolizes the nearly 50 years of Soviet occupation of Estonia, while many Russian-speakers see it only as a symbol of the Russian role in the liberation of Europe of Nazis in World War II.

with the interpretation of the events of World War II and the policy in the Baltic countries promised a cyber war against Baltic nations and illustrating the Baltics' web pages with five-pointed stars.

Russian hackers (http://www.balticbusinessnews.com/Default2.aspx?ArticleID=42f782c9-7fe8-43bb-a130-a27b939737d6&open=sec) promise an uniform attack against Baltics


The actions of the Baltic countries that are trying to re-write the history and delete the past events form the memories of their residents have crossed all reasonable limits, delfi.ee mediates hackers’ letter in Russian newspaper Smena.

According to the hackers’ plan, the layout of Baltic countries’ web pages will be changed. The visitors will see large red stars, photos of the soldiers that liberated Riga, Tallinn and Vilnius from the fascists and calls of not forgetting the past.

with the interpretation of the events of World War II and the policy in the Baltic countries promised a cyber war against Baltic nations and illustrating the Baltics' web pages with five-pointed stars.

Russian hackers (http://www.balticbusinessnews.com/Default2.aspx?ArticleID=42f782c9-7fe8-43bb-a130-a27b939737d6&open=sec) promise an uniform attack against Baltics

Cyber attack (http://www.baltic-course.com/eng/Technology/?doc=2935) on Lithuanian internet pages


The weekend cyber attack, which vandalized Lithuanian internet pages with soviet symbols, is only the top (sic) of the iceberg, IT specialists claim.

Gintautas Svedas, head of the company SATi specializing in IT security area, thinks that currently the number of real breaks in is much higher. "Serious cyber criminals always strive to remain unnoticed and simply want to secretly use the data from the victim"s computer as well as to control it," Svedas claims.

According to the data presented by the Connection Regulation Service (RRT), cyber criminals damaged the operation of over 300 Lithuanian internet portals. Last spring cyber attacks were performed in Estonia.

Can anyone tell me why in Buddha's name would NATO put their Computer Incident Response Command in Estonia after their cyber hit from Russia, ok now wait, alledgedly Russia?
Also, is there any truth in the matter that Georgia was going to invoke Article 5(I think) of the NATO Charter when they got hit by again, alledgedly Russia?

Thanks, this is my first post.

I'm sure someone with knowledge of the events will be along to discuss your question shortly. in the meantime, why not go here: LINK (http://council.smallwarsjournal.com/showthread.php?p=62044#post62044) and tag onto the thread there to tell us a little about yourself and your background and interests. You can scroll up a few messages to get a flavor of what others have said.

You can also check out this thread related to your query: LINK (http://council.smallwarsjournal.com/showthread.php?p=60776#post60776). Link is to last message in the thread, you can go to the first and read the thread.

Welcome to the Council !
Please do take the time to introduce yourself as Ken requested.


Can anyone tell me why in Buddha's name would NATO put their Computer Incident Response Command in Estonia after their cyber hit from Russia, ok now wait, alledgedly Russia?

First and foremost, it is not a computer incident response command. Rather, it is affectionately known as NATO's Center of Cyber Warfare Excellence. So how did Estonia end up with the Center ?

Following the 2007 attacks on Estonia's infrastructure and subsequent responses, NATO officials dealing with the issue indicated that Estonia's response was so effective as to preclude the need for drastic NATO action. Recognizing said NATO experts learned at least as much as they had contributed in terms of advice. With that, Estonia offered her services and recommended the creation of the Center for Excellence.

Unless you have information to the contrary, no other NATO member State has offered to create and host such a Center.


Also, is there any truth in the matter that Georgia was going to invoke Article 5(I think) of the NATO Charter when they got hit by again, alledgedly Russia?

Please take a moment and read:
The North Atlantic Treaty (http://www.nato.int/docu/basictxt/treaty.htm)
Washington D.C. - 4 April 1949.


Thanks, this is my first post.

Enough Said :rolleyes:

Regards, Stan

Thanks for this info. I guess I have some heavy reading for the weekend. Finally had a few moments to go back in the thread. Look forward to being here more often.

Thanks for this info. I guess I have some heavy reading for the weekend. Finally had a few moments to go back in the thread. Look forward to being here more often.

Sounds good !
Please make your 3rd post an intro as Ken has requested.

Regards, Stan

eWMDs

By John J. Kelly and Lauri Almann

The internet has enabled the bountiful benefits of eCommerce, and the incorporation of eCommerce into our economies has, in turn, created a dependence on the Internet, similar to our dependence on water, electric, and telephone utilities. Unlike other utilities, however, communication utilities can be crippled without even necessarily being physically attacked — they can be attacked in cyberspace. Such a cyber attack can result in loss of life, loss of wealth, and serious impediments to the flow of goods and services. In a modern just-in-time economy, these disruptions have the potential to cause catastrophic damage. Cyber attacks present a grave new security vulnerability for all nations and must be urgently addressed.

http://www.hoover.org/publications/policyreview/35543534.html

Today's VOA news (http://www.voanews.com/english/2008-12-20-voa11.cfm)...


Three main Internet cables from Italy to North Africa were inexplicably severed in the second such incident in a year, plunging Egypt and several other Arab countries into a communications crisis. Some suspect that sabotage was involved, although it is too soon to tell.


Last year, Internet cable cuts caused major economic havoc from Egypt to the Persian Gulf and on to India. Those cuts took days to repair, forcing banks and other corporations to resort to old-fashioned technology to conduct business.

Is it just me or is VOA popping up more and more as a source on Goggle News...

"We know that if someone shoots missiles at us, they're going to get a certain kind of response. What happens if it comes over the Internet? (http://www.reuters.com/article/lifestyleMolt/idUSTRE4BI00520081219?pageNumber=1&virtualBrandChannel=10112),"


The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on Thursday after participating in a two-day "cyberwar" simulation.

The game involved 230 representatives of government defense and security agencies, private companies and civil groups. It revealed flaws in leadership, planning, communications and other issues, participants said.

Has anyone heard of any cyber warfare in the current Hamas/Israeli conflict?
I know Israel gets hammered everday but was wondering if there was an upswing of activity.
Thanks.

Cyber Warfare 2009 (http://www.cyberwarfare-event.com/day1.php), 28-29 JAN 09, London, UK


Recognizing And Fighting Advanced Persistent Threats
The Overlay Of Military And Civilian Cyber Security
The First International Inter-Ministerial Cyber Defense Exercise: CYBER SHOT 2008
Cooperative Cyber Defense Center of Excellence
National Response In New Threat Environment: Hierarchies Versus Networks

* Estonia crisis 2 years on: Reflection on the response by Estonia
* Analysis of the evolving threat environment (CND)
* Future development of Computer Network Defense for appropriate security



Much more at the links

here is a link:
http://cyberwarfaremag.wordpress.com/2009/01/10/the-palestine-israeli-conflict-on-the-web/

In an Op-ed piece in the NY Times, it is requesting that the Obama Administration start looking at cyber initiatives more closely. I am finding part of that struggle is just in lableing such things as cyberwarfare or is it information/computer warfare etc. Just trying to get a discussion going here.
Attached is the Op-ed, really not much we dweebs haven't heard, read, thought or spoken of.
http://www.nytimes.com/2008/12/21/opinion/21duelfer.html
Enjoy.

Since 1970 every year there is a substantive report written on computer/information/cyber security and what is needed to accomplish it. In 1980 the concepts of computer warfare was really getting going. Though the roots of cyber warfare can be found in the late 1950s work on cybernetics and even further back in the ideas of command and control through technology.

Not that I know much about cyber warfare being an academic and all, but it would seem for anything to rise to the actual level of warfare all of the associated real world effects, needs, issues, and elements of war would have to exist. If zipping a high speed round through the cranial mass of a radio operator is an effective method of interrupting command and control, and a computer network operation has the same capability of interruption without the associated loss of life. How would you rate each on the test for perfidy?

Much of what we see reported in the press would not seem to rise to the level of cyber warfare if our test is correct. Not that I know much about computers but defacing websites, and other hooligan tactics of disruption would not seem to be warfare anymore than riots are warfare. There may be death, and injury but a riot is not war. The Georgia and Estonia examples were very entertaining examples of the power of non-state actors and super-empowered individuals through technology to disrupt but not wage war.

There always seems to be a debate between the low intensity conflict practitioners of COIN, small wars, 4GW etc.. and the High Intensity Conflict practitioners with Armor and 3GW blitzkrieg tactics. Regardless of the thinking behind it cyber warfare is deeply entrenched in the use of the communications systems and in any spectrum of conflict it would seem to be lurking about in the command and control system.

As a separate entity of conflict cyber warfare could be considered to be disruption (severing and changing communications), destruction (wholesale slaughter of bits and bytes), and even kinetic (opening the flood gates on dams, blowing up generators remotely, causing weapons systems to cook off while in storage). But, I recently read that as an academic I likely don't have much to add to this discussion of practitioners.

With that I'm off to have the elbow patches repaired on my sport jacket.

There always seems to be a debate between the low intensity conflict practitioners of COIN, small wars, 4GW etc.. and the High Intensity Conflict practitioners with Armor and 3GW blitzkrieg tactics. Regardless of the thinking behind it cyber warfare is deeply entrenched in the use of the communications systems and in any spectrum of conflict it would seem to be lurking about in the command and control system.

Which means that Cyber warfare is not much different from EW. Maybe it is a subset of EW or "Spectrum Denial." I have no problem with Cyber as long as militaries concentrate on disrupting militarily relevant means and the GCHQ/NSA go after the other stuff. Forming a "Cyber Corps" is just dumb.


As a separate entity of conflict cyber warfare could be considered to be disruption (severing and changing communications), destruction (wholesale slaughter of bits and bytes), and even kinetic (opening the flood gates on dams, blowing up generators remotely, causing weapons systems to cook off while in storage). But, I recently read that as an academic I likely don't have much to add to this discussion of practitioners.

...and what I said before. If Cyber degrades combat power I am all for it, the same way as I am all for EW, which is actually not as well exploited as it should be.

If someone can sensibly differentiate between "Cyber" and "EW" I'm all ears.


With that I'm off to have the elbow patches repaired on my sport jacket.

Black leather with studs and Rabbit hair trim?

But I enjoy the sarcasm and otherwise hate being behind a computer :D

I for one have troubles with the mere use of "cyber" other than in a good film with Arnold Schwarzenegger :rolleyes:

Wilf's comments seem to be some of the best examples in simple, easy to use terms (for a guy like me that must perform without the benefit of comms other than our wireless robot and X-ray).

IMO cyber warfare much like EW contributes to the success of IO. Cyber warefare possesses both offensive and defensive tactics, and when employed correctly can not only disrupt, but also exploit your enemy.

DDoS is far too simplistic a term for what most continue to assume occurred in Estonia. Georgia's use of/reliance on computers (that is if you happen to own a computer and live within 5 kilometers from the city center where one might connect) is not even remotely similar. In any case, the so-called non-state actors were not waging war, they were employing cyber in support of their ongoing operations.

It's all relative and darn simple for a minion like me. To employ such cyber operations in say Africa would be a true waste of time (similar to shutting off the electricity in a country that barely has 4 hours of electricity per day). Shut the power off in say West Bend for 8 hours (intentionally) and you'll have a full scale riot on your hands (assuming you don't have a 5KW in your back yard).

Which means that Cyber warfare is not much different from EW. Maybe it is a subset of EW or "Spectrum Denial." I have no problem with Cyber as long as militaries concentrate on disrupting militarily relevant means and the GCHQ/NSA go after the other stuff. Forming a "Cyber Corps" is just dumb.



...and what I said before. If Cyber degrades combat power I am all for it, the same way as I am all for EW, which is actually not as well exploited as it should be.

If someone can sensibly differentiate between "Cyber" and "EW" I'm all ears.

JP1-02 defines EW thus:

electronic warfare — Military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy.
Cyberwar is the larger use of EW and other means to attack the enemy's cyber capabilities while defending one's own. For example, were I to put sugar in the gas tank of your generator so that it quits and you can no longer run your computer network, that would be a form of cyberwar. It would not be EW. Were I to use my Jedi light saber (aka laser/directed energy) to cut the cables that connect your generator to the distribution panel so you can no longer run your computer network, that would be a form of cyberwar that happens to also be EW.

By the way, based on the JP definition. I guess that if an everyday enemy rifleman happened to stumble through your high powered jamming signal and get cooked (sorta like what happens to meat in your microwave), he would be an EW casualty, but not a cyber casualty.

For example, were I to put sugar in the gas tank of your generator so that it quits and you can no longer run your computer network, that would be a form of cyberwar.

So if I used a 454kg LGB to kill the computers would that be "cyberwar" or just an airstrike?

This is what worries me about people trying to come up with new terms to explain stuff we don't actually need to explain. Computers and networks are primarily used for command and control. Attacking the technology associated with that function is primarily an area of EW.

So if I used a 454kg LGB to kill the computers would that be "cyberwar" or just an airstrike?

This is what worries me about people trying to come up with new terms to explain stuff we don't actually need to explain. Computers and networks are primarily used for command and control. Attacking the technology associated with that function is primarily an area of EW.

I guess that would depend on what funding source you used to acquire the bomb and then deliver it (or what funding line you were trying to beef up and then defend in your next budget submission). :rolleyes:

Sarcasm aside, I think we often get so wrapped up in trying to sort out a set of descriptions at such excruciatingly tiny levels of granularity because the bean counter accountants out there force it upon us. How many cost centers and work units do we really need to break a task down to when we are tracking money? In the US DoD anyway, I submit that a lot of our problems are a direct reflection of the complexities in the PPBES.

So if I used a 454kg LGB to kill the computers would that be "cyberwar" or just an airstrike?

This is what worries me about people trying to come up with new terms to explain stuff we don't actually need to explain. Computers and networks are primarily used for command and control. Attacking the technology associated with that function is primarily an area of EW.

This is the kind of question that makes it really hard to have a discussion. If a terrorist group uses a nuclear bomb is that global thermonuclear war? If with two non-warring soldiers look at each other and one stabs the other. Is that an act of war or simply murder?

Cyber warfare in some ways is the transition from using kinetic weapons as the primary method of interruption of command and control, espionage, etc. To using the cyber tools themselves to make war. The evidence suggests (extensive analysis of attacks), that in cyber warfare the tools are the terrain. That is a fairly substantial leap and substantive shift in thinking about war. To say a tank is the terrain rather than the land would be ludicrous. Yet in some ways that is exactly what we say about cyber warfare.

This is the kind of question that makes it really hard to have a discussion.

Well not my intention. My primary interest is discussion.


Cyber warfare in some ways is the transition from using kinetic weapons as the primary method of interruption of command and control, espionage, etc. To using the cyber tools themselves to make war.

Hence my scepticism. The best way to disrupt command and control is to kill commanders. If some type of "network attack" capability adds additional degradation or even complete denial, then all good. I am not saying "cyber" has no merit. Clearly it does, and it would seem to be pretty well understood, at least at the conceptual level. My point is that it's real utility is possibly as an augmenter to lethal kinetic means and not an alternative.

The best way to disrupt command and control is to kill commanders. If some type of "network attack" capability adds additional degradation or even complete denial, then all good. I am not saying "cyber" has no merit. Clearly it does, and it would seem to be pretty well understood, at least at the conceptual level. My point is that it's real utility is possibly as an augmenter to lethal kinetic means and not an alternative.

How about going a bit deeper. Using cyber to open the spill ways on a dam and flood a valley below? Especially a dam well protected by all that nice anti-air and instead of using a $100K bomb you use the enemies bits/bytes against them? What about cooking off an adversaries munitions while they are stored? How about opening the safety valves or misconfiguring the safety systems of a major chemical plant in an otherwise technologically unsophisticated country? Kinetic effect from cyber activities. And, yes I stayed completely away from command and control on purpose just to give examples.

The best way to disrupt command and control is to kill commanders. If some type of "network attack" capability adds additional degradation or even complete denial, then all good. I am not saying "cyber" has no merit. Clearly it does, and it would seem to be pretty well understood, at least at the conceptual level. My point is that it's real utility is possibly as an augmenter to lethal kinetic means and not an alternative.
Wilf,
You might want to qualify your use of best. I define "best" as using the most effective and efficient means to achieve my desired end. If I could disable my opponent's command and control more effectively and efficiently using something other than direct action(that is by not putting a squad on the ground and getting half of them killed in the process of doing a DA mission to take out (kill) my opponent's commander while he is in his TOC), then that would be best. If commanders cannot command because they do not have situational awareness or cannot communicate their commands to their subordinates, then the goal has been achieved.

We used to call this comand, control and communications countermeasures (C3CM) in the 80s. But this is the 21st Century, and we apparently need new buzzwords.

Wilf,
You might want to qualify your use of best. I define "best" as using the most effective and efficient means to achieve my desired end.

Concur. I just want effective! Can a purely non-kinetic attack deliver shock to an effective degree? I wonder.

It is best suited as a supplemental form of warfare. Whether it is considered EW, if it has the capability of knocking anything out prior to "boots on the ground" grunts doing what they do best, then so be it. It is obvious that this form of warfare will be exploited in future conflicts. Russia and China are prime examples, not to mention, groups such as the Russian Business Network, as proxies. Incidents such as Titan Rain prove we are being reconned and have been for some time.

http://www.theregister.co.uk/2009/01/28/kyrgyzstan_knocked_offline/

The Russian Empire rearing its ugly head again.

'No one is ready for this' (http://www.guardian.co.uk/technology/2009/apr/16/internet-hacking-cyber-war-nato)

Now, cyber-attacks are on the rise and Nato's top computer experts have gathered in a military base in Estonia to prepare cyberwar defences


And the coup de grace? Hidden programs inside the country's electricity grid might then jump to life, shutting down power supplies, creating targeted blackouts, even sending nuclear reactors into freefall.

Such a doomsday scenario might sound drastic - more of a cyber-apocalypse than a cyber-attack - but it is one that has been outlined many times by the Metropolitan Police, MI5 and the Joint Intelligence Committee. The US Navy investigator and cybercrime specialist Kenneth Geers characterises the typical response of powerful individuals as they hear this doomsday scenario outlined as a sort of unbridled terror inspired by technology. "More than one senior official said they've had so many cyber-briefings now that they don't want to turn their computers on any more," he says.

Behind the security gates and razor wire, however, this is a different kind of military operation - the unlikely frontline in Nato's attempt to prevent a global cyberwar. K5 is where the alliance's top computer experts - high-ranking researchers, academics and security specialists - work in teams to analyse potential cyberthreats, and predict exactly how Nato will fight virtual wars in the future.

Stan,

I've decided most in the military are clueless to the real cyber risks. My frustration finally culminated in a blog post I won't spam y'all with. The problem is that people (government and civilian) think a denial of service is cyber war. It isn't. There is more to "cyber" than simplistic examples from the world wide web, and the meat and potatoes of the Internet. The virii in the electric grid computers is a vague and unsophisticated exercise in fear, uncertainty, and doubt. They're trying to feed the funding cycle.

I need a beer.

I've decided most in the military are clueless to the real cyber risks... There is more to "cyber" than simplistic examples from the world wide web, and the meat and potatoes of the Internet.
I sat through several hours of explanations of the arrays of threats - the highly sophisticated, state-sponsored ones. I think every five minutes a hand went up and some field-grade officer would ask/say something along the lines of, "how the f do you defend against that?" or "so, we're basically screwed is what you're saying" or "so we now have MAD with cyber war?"

After that, I started thinking twice about keeping my cash in my E-Trade account. But, then I thought about it some more. If the entire financial system were erased, then I would probably have other concerns - like how much ammo and bottled water I have.

Two interesting cyberwar-related stories from the WSJ (http://online.wsj.com/article/SB124001042575330715.html):

Pentagon Jams Web, Radio Links of Taliban: The Obama administration is starting a broad effort in Pakistan and Afghanistan to prevent the Taliban from using radio stations and Web sites to intimidate civilians and plan attacks, according to senior U.S. officials.

and CNET (http://news.cnet.com/8301-13639_3-10223182-42.html):

Brits use SEO strategies to fight terrorism: Islam is getting a little help from Britain's Office of Security and Counter-Terrorism, which says it plans to train government-approved groups to "flood the Internet" with "positive" interpretations of that religion in an online fight against radicalization. The OSCT plans to coach moderate Islamic groups on how to manipulate the Google rankings of their Web sites in order to boost the online profile of moderate voices in the Muslim community…. It is widely understood that terrorists use the Web to radicalize and recruit the vulnerable and disaffected; search engine optimization, or SEO, training is part of the campaign to counter this, a Home Office representative confirmed to The Register.

Interesting article on WSJ.com today:


Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.


Many details couldn't be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms. In addition, while the spies were able to download sizable amounts of data related to the jet-fighter, they weren't able to access the most sensitive material, which is stored on computers not connected to the Internet.


http://online.wsj.com/article/SB124027491029837401.html (http://online.wsj.com/article/SB124027491029837401.html)

This is the second short response for a class I am taking. Enjoy!


On April 21st, the Defense Department announced that spies hacked into the $300 billion F-35 Joint Strike Fighter project. Full details of the cyber attack may never become available to the public, but the Department of Defense quickly revealed that the amounts of F-35 data dowloaded were "sizable", and speculation places the origin of the attack in China. This cyber attack follows a chain of escalating security breaches, including Air Force air-traffic control, and the U.S. electric grid (on April 4). In the last six months, the Pentagon spent $100 million repairing damage caused by network breaches (WSJ.com).

But what exactly is 5th generation warfare? According to Thomas Hammes, the U.S. currently fighting the 4th generation of warfare—underscored by a transition from “maneuver warfare” (third generation) to targeting multiple networks (political, economic, social, and military) and making strategic goals “unachievable or too costly for the perceived benefit” (Hammes, 2006). Fourth generation warfare does not focus on the “military victory” of the first three generations, but destruction of the political will to wage war. It is from this mindset we see the new prominence of non-conventional warfare and tactics, such as violent insurgencies and transnational terrorism. This definition begs the question: “is cyber warfare a form of non-conventional warfare”

The general theme between generations of warfare is the gradual expansion of the battlefield at the expense of restrictions--for example, the dynamics of forth generation warfare include a “social” dimension previously ignored by third generation. If we look to expand the scope today’s wars, we must move beyond “physical warfare”. Thus a fifth generation may be defined by kinetic (conventional and unconventional warfare) and non-kinetic attacks on political, economic, social, and military networks in order to make strategic objectives unachievable or too costly for the perceived benefit. I believe that cyber warfare pushes the boundaries forward in such a way that makes fifth generation an inevitable reality. In spite of the addition of “non-kinetic” tactics such as cyber warfare, physical attacks will remain just as relevant as they are today—a few well-placed, heavy chains or IEDs on a high voltage transmission line can bring down the U.S. power grid just as cheaply and effectively as a hacker.

The recent surge of high-profile cyber attacks on the United States serve as a litmus test for fifth generation warfare. Congress recognizes the existence (though not necessarily the extent) of a threat, and allocated $17 billion to buffering government network security. American utility providers are also taking steps to secure technologically dependent systems. However, the symbolic nature cyber attack on the F-35 project should not be overlooked—tomorrow’s wars will depend on $300 computers as much (or more) than a multibillion dollar super jet.

Sources:

http://online.wsj.com/article/SB124027491029837401.html

http://online.wsj.com/article/SB123914805204099085.html

Hammes, Colonel Thomas X., and Usmc. The Sling and the Stone: On War in the 21st Century. Zenith Press, 2006.

Hey Sam,
Being the computer novice I am, I have to wonder what the term Cyber War is now being defined as :o

I recall the Russian "commissar" (http://www.theregister.co.uk/2009/03/11/russian_admits_estonian_ddos/)reporting that "I wouldn't have called it a cyber attack; it was cyber defense," the official, Konstantin Goloskokov, told the paper. "We taught the Estonian regime the lesson that if they act illegally, we will respond in an adequate way."

So, I'm wondering if DDoS is now an oversimplified term when it in effect shut down government and banking institutions for over a month.

Regards, Stan


Stan,

I've decided most in the military are clueless to the real cyber risks. My frustration finally culminated in a blog post I won't spam y'all with. The problem is that people (government and civilian) think a denial of service is cyber war. It isn't. There is more to "cyber" than simplistic examples from the world wide web, and the meat and potatoes of the Internet. The virii in the electric grid computers is a vague and unsophisticated exercise in fear, uncertainty, and doubt. They're trying to feed the funding cycle.

I need a beer.

So, I'm wondering if DDoS is now an oversimplified term when it in effect shut down government and banking institutions for over a month.

Regards, Stan

Yes it is. I have been unable to get ANY traction with thought leaders about this. But here try this.

Assumption:

1) The military through doctrine places cyber warfare squarely in the realm of information operations such as defined by JP3-13.

2) Though information is a component of all conflict in the end kinetic wins wars.

3) To be truly useful cyber warfare must have a kinetic component.

The following is in addition to a LOT of stuff. So if it appears I'm jumping in the middle, well, I am...

The cognitive model most people use to think about "cyber warfare"

Starts with the "World Wide Web" A set of applications and protocols such as web pages, and services like Television and Internet (sic) Radio. The world wide web in most cases is stuff delivered through your browser.

In the middle is "The Internet" a set of services best described by MAC addresses and TCP/IP addresses. This is the place that IP spoofing and Denial of Service attacks occur.

If we were to draw a stack such as the OSI 7 Layer model and add an 8th layer at the top calling it people/politics we would have just described and could describe layers that are attacked with different effects. Though, so far, we have not killed anybody or done any real damage.

Just for grins and giggles lets add a bottom layer to that stack. Let's call it kinetic effect. Below the physical layer of the OSI 7 Layer model. Now placing it here is for simplistic sake it plugs in actually slightly higher.

This new 9th layer is where SCADA and death & destruction occur. You also now have recreated a fairly good representation of the cognition through physical envelope of cyber space. A more Gibsonian approach than military writing suggests.

At the kinetic layer we open valves and in a very small wars/guerilla way we attack the adversary using their own technology against them. We open the water valve creating a disaster like Bohpal, we rupture gas mains like in Bellingham Washington, we divert spent gasses the wrong way in fuel fields, and the best part? Well the best part is there is no current forensic technology to trace these attacks and they are often unsecured to the point of pity.

A properly trained person could kill a freaking lot of people and not have to get off the couch.

DDOS, is passe' welcome to the real world of cyber warfare.

Consider whether a cyber incident is an attack, war, or something else. Not all violence is war. Some is crime, some is football. Not all cyber incidents are warfare. Was the F35 incident espionage? Was it simply trespass? Motive can be a determining factor.

Cyber is as old as the military. Though cyber was coined by Norbert Wiener in "Cyberneticss: or Control and Communication in the Animal and the Machine", and cyber space was coined by William Gibson in "Neuromancer" the actual act of command and control through various means reaches back to the beginning of time.

So, and this is key, is cyber warfare actually just a continuation of war (simple) and destruction of an enemies command and control?

How does stealing or infiltrating the F35 project rise to that test?

I always read one of your cyber posts just before leaving work so I'll have a good reason to go home and kick the cats... :rolleyes:

I always read one of your cyber posts just before leaving work so I'll have a good reason to go home and kick the cats... :rolleyes:

I apologize to your cats. I have quit posting much on cyber warfare as I realized most people a) don't believe it, b) don't care. So the cats should be safer.

A properly trained person could kill a freaking lot of people and not have to get off the couch.
Not to nitpick, but it that accurate? Can someone who is not state-sponsored really pull that off? And, supposing they could, do you think they could avoid detection and get away with it?

Also - do you know of any legal issues related to cyber warfare that could answer this RFI (http://council.smallwarsjournal.com/showthread.php?t=7133)?

The way I see it, information warfare, specifically the targeting and attack of the enemy's command and industrial infrastructure is an adjunct to other, more "conventional" forms of warfare, not a form of warfare in itself. As Selil put it, armies have been targeting others' infrastructure since the dawn of warfare.

As I see it, cyberwar isn't a form of warfare per se, it is a tactic that is used as part of a wider strategy. Its just like bombing the enemy's roads or power lines to slow his movements and reduce the effectiveness of his fighting forces.

Not to nitpick, but it that accurate? Can someone who is not state-sponsored really pull that off? And, supposing they could, do you think they could avoid detection and get away with it?

Also - do you know of any legal issues related to cyber warfare that could answer this RFI (http://council.smallwarsjournal.com/showthread.php?t=7133)?

The answer is yes it is accurate. State sponsorship is actually a problem for response, but knowledge is the challenge not national status. Succinctly AT&T is not a nation state but with the flip of a switch in the AT&T NOC the world go's dark. That switch could "proverbially" be flipped by anybody.

Yes I have an excellent idea and will post it for you.

The way I see it, information warfare, specifically the targeting and attack of the enemy's command and industrial infrastructure is an adjunct to other, more "conventional" forms of warfare, not a form of warfare in itself. As Selil put it, armies have been targeting others' infrastructure since the dawn of warfare.

As I see it, cyberwar isn't a form of warfare per se, it is a tactic that is used as part of a wider strategy. Its just like bombing the enemy's roads or power lines to slow his movements and reduce the effectiveness of his fighting forces.


There is another level of cyber warfare that exists, where bits become weaponized but that is for other threads.

Fourth generation warfare does not focus on the “military victory” of the first three generations, but destruction of the political will to wage war. It is from this mindset we see the new prominence of non-conventional warfare and tactics, such as violent insurgencies and transnational terrorism. This definition begs the question: “is cyber warfare a form of non-conventional warfare”
So 4GW is like every other war. It's always been about political will. Nothing new here.


Thus a fifth generation may be defined by kinetic (conventional and unconventional warfare) and non-kinetic attacks on political, economic, social, and military networks in order to make strategic objectives unachievable or too costly for the perceived benefit. I believe that cyber warfare pushes the boundaries forward in such a way that makes fifth generation an inevitable reality.

5GW is as much rubbish as 4GW, both of which are invented problems looking for a unnecessary solution. So...

"Defined by kinetic (conventional and unconventional warfare) and non-kinetic attacks on political, economic, social, and military networks in order to make strategic objectives unachievable or too costly for the perceived benefit."

- What does that mean? Can you give me specific example of each type of action and how it would gain the outcome you suggest, in a way that has not been seen before?

Sounds a bit like the descent into a perpetual state of war. Or maybe just a side effect of the global reach of certain tools. I would call what is described in the article about the F-35 spy incident "strategic warfare", or simply an intelligence operation.

Seeing either of the current colonial uprisings as "4th generation" warfare is questionable. It's just asymmetric and in that as old as mankind, or like Mao with a different ideological goal.

As I see it, cyberwar isn't a form of warfare per se, it is a tactic that is used as part of a wider strategy. Its just like bombing the enemy's roads or power lines to slow his movements and reduce the effectiveness of his fighting forces.

Exactly. The idea of 5GW does not imply a shift to "cyber warfare" in its purest sense, but an additional tactic and broadened "battleground" in warfare. Over the last few years, the number of network attacks has grown exponentially. It is a dramatic change from bombing a road or power line("kinetic") versus taking down computer support systems electronically ("non-kinetic"). Both can knock out a power grid, but kinetic is much more costly and invasive (to destroy and/or rebuild) than non-kinetic. At the same time, one does not make the other irrelevant in 5GW warfare.

Cyber warfare is interesting in that it is not limited to targeting military operations. Sure, you can take down radar systems and military communications (leaving your enemy blind and deaf) and achieve a tactical victory on the battlefield. On the other hand, you can shut off televisions, phone lines, power plants, sewage plants, etc. Maybe the population's leverage (after living in their own crap without electricity for a few weeks) is enough to force a government to "surrender" before a shot is even fired. It would not be any different than the objectives of an embargo.

Maybe it's a good thing you didn't link to that blog post... I dug it up and started reading but had to switch to skimming because it's so depressing! :(

Is there any reasonable prayer of things being fixed before we're violently shown the error of our complete and total lack of cyber security? For such a severe problem that's in the news every six months or so, you'd think there'd be a lot more clamoring about fixing the problem.

If it wouldn't be more beneficial and effective to use the terms Lethal and Non-Lethal when discussing "cyber". It seems like too often the conversation turns to comparing apples and carrots.

Perhaps when you begin thinking of all the applications computers are a part of and simply remind yourself what happens if they stop working or even work incorrectly the possibilities for nonlethal to become very lethal are much more apparent.

While the generational structure may be a good teaching tool for demonstrating the changing nature of the tactics of war, it can be misleading in the sense that some may view the introduction of new tactics as a wholesale change. Sure, war evolves to take advantage of new technologies but it is timeless in its objectives. The goal remains the acheivement of some political goal. While I'm certainly not as well read in Clausewitz and Sun Tzu as I'd like to be, both of these guys spoke of this. Like WFO says, its nothing new.

Maybe my understanding is wrong (someone show me the light here, please), but war has always been about influencing the political will to fight. It was simply done in different manners by different folks. Some argued that the best way to break political will was to target military forces, others saw the populations as the appropriate target, while still others thought targeting the war making machine was the way to go. The goal remained the same-convince political leadership that continued fighting wasn't worth it.

As for changing tactics, I would agree that cyber warfare is an appropriate term since it encompasses the use of cyber to achieve military objectives. I, among others, view law in the same light. Lawfare has been defined as the use of law to acheive military objectives. This cite (http://www.haaretz.com/hasen/spages/1080189.html) by WTO in another thread is an excellent example. Although it is being pursued by a third party, the desired result is the acheivement of a military objective for Hamas as it will chill potential Israeli responses. While the use of law to acheive military objectives may or may not be new (I would argue that it is not new as the Hague Conventions actually served to acheive military objectives), it doesn't change war into something new. Rather it provides an additional means for waging war. Its the same with cyber tactics.

Maybe it's a good thing you didn't link to that blog post... I dug it up and started reading but had to switch to skimming because it's so depressing! :(

Is there any reasonable prayer of things being fixed before we're violently shown the error of our complete and total lack of cyber security? For such a severe problem that's in the news every six months or so, you'd think there'd be a lot more clamoring about fixing the problem.


We can do anything except for what we are unwilling to do. Lot of people say we should fix it, but nobody in leadership has made the decision to ALLOW it to be fixed let alone pay for it.

How much would it cost to get to work on it? So many billions are thrown at problems that aren't nearly so vital, and where the money is not being well spent. $10 billion can't be chump change when this problem is concerned, but it is when the government is kicking the budget around.

Pick a PC out of the trash, pull out the hard drive, buy a nic card, and plug it in. (http://picasaweb.google.com/lh/photo/YIs6TL3gfqpBUI7MhszRkA?authkey=Gv1sRgCOKAqt2l3ubGx QE&feat=directlink)



http://picasaweb.google.com/lh/photo/YIs6TL3gfqpBUI7MhszRkA?authkey=Gv1sRgCOKAqt2l3ubGx QE&feat=directlink

Good to be back guys, greetings.

The first civilian cyber battalion.
Worth a read.
WE PRODUCE AND REPORT ACTIONABLE INTEL
45 terrorist webmasters and terrorist hackers burned.

Start with "over watch " post.

http://warintel.blogspot.com/2009/06/key-posts-cyber-warfare.html

From:
Gerald
Internet Anthropologist
Tactical Internet Systems analyst.

Posted by Bill

http://www.securitynewsdaily.com/cyberwarfare-called-fifth-domain-of-battle-by-pentagon-0531/


"Our military must be as capable in this new domain as it is in more traditional domains,” said Deputy Secretary of Defense William Lynn III, referring to military theory that divides warfare into the domains of land, sea, air and space.

Killing people and breaking things in cyberspace is not possible. Living, breathing humans do not exist in cyberspace, nor do tangible things. Technologies for terminating humans in meatspace and breaking their stuff involving cyberspace as a transport medium for various payloads is going on now.

Technologies for influencing potential adversaries not to act in ways that might get their meatspace existence ended also transit cyberspace.

http://www.securitynewsdaily.com/cyberwarfare-called-fifth-domain-of-battle-by-pentagon-0531/



Killing people and breaking things in cyberspace is not possible. Living, breathing humans do not exist in cyberspace, nor do tangible things. Technologies for terminating humans in meatspace and breaking their stuff involving cyberspace as a transport medium for various payloads is going on now.

Technologies for influencing potential adversaries not to act in ways that might get their meatspace existence ended also transit cyberspace.

This is a technological fallacy that most people don't understand until they've been exposed to a few others. Examine the common phrase "guns don't kill people, people kill people". Though concretely incorrect (the person is a secondary actor to the technology) the same exact linkages can be made for cyber.

If, as an example I remotely turn off your pacemaker via wireless signals, does the end result not count because it wasn't a bullet? If I use a high bandwidth command and control system to run a predator drone that rains missiles down that isn't cyber, but if I hack back on that predator drone and turn it on it's owners is that cyber?

The error though common can be found in the last statement you made. Information operations are at one layer of a technological stack. Information sits upon a logical layer, and that logical layer sits upon a physical layer. At each layer a significant set of vectors of attack are possible. Each layer can also be peeled back to expose more layers. These layers can also be called surfaces and each surface is a target to attack.

This is a technological fallacy that most people don't understand until they've been exposed to a few others. Examine the common phrase "guns don't kill people, people kill people". Though concretely incorrect (the person is a secondary actor to the technology) the same exact linkages can be made for cyber.

Guns, howitzers, mortars, and small arms usually only kill people by accident. It's projectiles launched from these pieces and the damage they inflict upon human bodies that kills. The ballistic trajectory of these projectiles runs through the domain of the air, but that does not make them aircraft.


If, as an example I remotely turn off your pacemaker via wireless signals, does the end result not count because it wasn't a bullet?

Nope, doesn't count as a kinetic kill, or even as a homocide unless somebody investigates my death and can prove you turned off my pacemaker. I'll still be dead, but my death won't be counted as a cyberwar KIA if you cover your tracks right.


If I use a high bandwidth command and control system to run a predator drone that rains missiles down that isn't cyber, but if I hack back on that predator drone and turn it on it's owners is that cyber?

Your Predator's C2 is a computer network subject to attack that requires defense. If you successfully attack the Predator's C2 network and cause it to fire upon friendlies, you can call that cyber if you want. Others might call it CNA or even EW

Nope, doesn't count as a kinetic kill, or even as a homocide unless somebody investigates my death and can prove you turned off my pacemaker. I'll still be dead, but my death won't be counted as a cyberwar KIA if you cover your tracks right.

Might as well the Unknown Soldiers don't count either because the cause of death isn't clear...there are many ways, legal and otherwise of killing people in war, declared or otherwise, that are difficult to determine...the fact is that you are still dead and if done well, that creates an effect desired by your (collective) killers...

From your statements, I'm not sure you have a good grasp of cyberspace yet and your arguments are really just hair-splitting...sorry...

Oh and BTW, I just cancelled all your bank accounts and all traces of you as you...I couldn't do it in the physical world because they wouldn't let me in the gate but in cyberspace, a piece of jolly...

I don't care so much about the semantics of it. I just want to turn off the pacemaker, make your phone catch fire or explode, run down the batteries on your bombs before you go to drop them etc. In short, I only care about what mayhem and damage I can cause, and I don't care about all that semantic stuff.

I have a very good reason for taking that approach too. It's because you're busy constructing boxes to think inside of, and I don't want to do that. I want to remain focused on creatively doing as ugly things as I possibly can. If you haven't thought of them because you're too busy worrying about semantic boxes, well hey for me that's even better.

Cyber is likely to join the long list of technological tools created by the rich and powerful to expand their wealth and power, and then co-opted by the weak and powerless to re-balance the equation a bit.

Such thinks are inevitable. Understanding that allows one to mitigate how much balancing actually takes place.

I see the cyber domain as a rich playground for Special Forces to do what SF guys do best. As to whether or not is it our SF or cyber guerrilla's of another ilk that steps up to seize this advantage is yet to be seen.

I argued once for adding electronic warfare as the fourth pillar of combined arms, but I guess declaring 'cyber warfare' a "fifth domain" sounds more sexy.

Oh and BTW, I just cancelled all your bank accounts and all traces of you as you...I couldn't do it in the physical world because they wouldn't let me in the gate but in cyberspace, a piece of jolly...

:) Smile when you say things like that, pilgrim, lest you be taken seriously.

Damn, I was hoping for "Thirty Sixth Chamber of Shaolin."

What say you all to the idea that the "new" domain is the information domain and that cyberwarfare is just one aspect of operating in this domain?

An additional thought about effects of this type of warfare: wreaking havoc on your economic and information systems (to name a just a few potential targets) through cyber certainly qualifies in my book as a violent act designed to bend an opponent to your will. Instead of physically breaking things like tanks, aircraft, or people, which is theoritically still possible through cyber, you are destroying parts of systems that play a critical part in a modern nation's ability to conduct its affairs and look after its interest. My point is that you dont have to punch someone in the nose to perpetrate a violent act against them and that the legitimacy of a domain in which to conduct warfare doesn't depend on whether you can physically break something in it.

Isn't "information" a line of operations that takes place in many domains?

Beyond that vast bucket of "Information Operations" that DoD dumped half a dozen things into. I know at SOCOM, for instance, they felt compelled to say they do "IO" even though SOF really only has major equities in a couple of niche aspects of IO. Better if SOCOM narrowed their aperture and said they did "IO (-)"

I think it is best that we look at cyber as a domain to conduct a range of operations within, not all of which are to "inform."

For instance, if I were to say, stand up a smart team of guys in a high-tech facility to conduct UW in some foreign country where physical presence is not practical in order to support or enact US foreign policy there; that is not an information operation. Certainly it would use info tools but that does not define the operation or the unit (on a related note to the army re Stryker BDES, WTF on naming your unit after your vehicle?).

One of the issues is "cyber" it is a domain that reaches from the technology through the physical, onwards through logical, to information, to cognitive and back". When you see quotes like "Cyber, is the first man made domain" well yes it is. But, it is much more than that. Much like any other domain/terrain cyber has layers. To expect them not to exist is to ignore the realities. The military (and government) likes to define and limit a concept to the ideas and conclusions they have already made. Regardless of that the capabilities and abilities of adversaries to operate within a domain are not similarly constrained. Many people fall into the trap of silos or limiting cyber. The information operations (psyops, strategic communications, etc.) want to own it. The TCP/IP monkeys think they own it. The telecom guys think they own it. Pishaww. It is a domain with many layers and is much more than the Internet or even GIG. Cyber is not merely information it is inclusive of emotion and electro magnetic spectrum. It is both the tool and the channel, but not merely limited to that.

Think of it this way. What is the domain "air". Why everybody has to land sooner or later why aren't all "airmen" soldiers? The limitations of an analogy or metaphor will soon limit the considerations of the strategic and tactical implications of the domain in question. Air existed as a valid domain long before airplanes become warplanes. Cyber in various forms has existed as a valid domain for a long time. Cyber is a domain in which information operations exists, but is more than information operations itself. There are a variety of ways to describe this... (see here for more detailed than you are willing to likely read analysis (http://selil.com/?p=336)).

Isn't "information" a line of operations that takes place in many domains?

That sounds reasonable to me. My question was prompted by some reading that I had to do for school lately that suggested that information was the 5th domain and that cyber was a function within the information domain.

A related argument is whether IO should be adopted as a warfighting function. I am not sure whether making it an "official" warfighting function has any real value, other than ensuring that it is in the forefront of planner's minds as they seek to synchronize their operations, but if it is on par with the other 6 WFs then it would make sense that it is something that should be a consideration in all domains and not a domain itself.

Getting the message right and designing every operation to best convey the intended message is definitely something we suck at all levels.

I think "intended message" should be briefed back to the commander following mission analsys, and that he should approve it along with the restated mission. He then should direct his staff to incorporate "conveys intended message" in the COA comparison and anlysis matrix and direct that it be weighted by a factor of 2 or 3.

By doing this the commander has exercised his duty in defining and prioritizing the message of the operation (be it a convoy, a deliberate attack, or a humanitarian assistance event) and ensured that his planners shaped their COAs to be consistent with and help project that message.

Currently it is typically something the MISO/PSYOP guy buries in an annex or does off in some corner while the "real operation" is given all the focus. Getting the message right and designing the operation to convey it IS the real operation more often than not in places like Afg or Iraq, or other OEF locations.

Cyberwarfare is conducted on the same substrates as electronic warfare. And since even most EW applications are digitally managed, why bother the distinction? The only difference is the degree of abstraction in you accept in implementing your attack or defense: cutting a wire or shielding a receiver versus blocking a port and installing an SSH server.

Cyberwarfare is conducted on the same substrates as electronic warfare. And since even most EW applications are digitally managed, why bother the distinction? The only difference is the degree of abstraction in you accept in implementing your attack or defense: cutting a wire or shielding a receiver versus blocking a port and installing an SSH server.

That is a very self limiting view of cyber. A very network centric view of cyber. Yet cyber is much more than just the network. It is found in the operating systems, the thinking of users, and much more. It is is the electro magnetic spectrum. Since cyber really comes from command and control (as discussed by Norbert Wiener fifty or so years ago, and we can see cyber going back centuries it is not just an Internet fad. Even William Gibson realized when coining cyber space that there was more to cyber than just the network.

That is a very self limiting view of cyber. A very network centric view of cyber.

On the contrary, I don't assume a network at all; and certainly EW doesn't. The only thing assumed is a substrate for signals governed by the laws of electromagnetism.


Yet cyber is much more than just the network. It is found in the operating systems, the thinking of users, and much more. It is is the electro magnetic spectrum.

This was precisely the point I made when I stated "[c]yberwarfare is conducted on the same substrates as electronic warfare."


Since cyber really comes from command and control (as discussed by Norbert Wiener fifty or so years ago, and we can see cyber going back centuries it is not just an Internet fad. Even William Gibson realized when coining cyber space that there was more to cyber than just the network.

Is EW any less unrelated and concerned with control than cyber?

Those of you following issues of cyberwar likely subscribe to the Dailydave Newsletter, and Dave Aitel--a veteran of the NSA and CEO of Immunity, Inc.--recently posted a link to a work-in-progress presentation entitled "The Three Cyber-War Fallacies." (http://prezi.com/vunircise2q8/three-cyber-war-fallacies/) In it, Aitel seeks to debunk the following three claims:


1. Cyberwar is asymmetric.
2. Cyberwar is non-kinetic.
3. Cyberwar is not attributable.


These are all provocative claims worth examining, so I wanted to see if anyone here wanted to debate one or more of these. At any rate, read through the presentation. It makes for interesting reading even in its unfinished form.

I don't subscribe to "Daily Dave" I've got enough to chew on already. I looked at the presentation, but I don't know much about cyber warfare but for grins and giggles.


1. Cyberwar is asymmetric.
2. Cyberwar is non-kinetic.
3. Cyberwar is not attributable.

Of course cyber war is asymmetric. If you put "cyber" and "war" together than cyber is the modifier of war. War is inherently asymmetric otherwise it is a stalemate. That is as Clausewitz, Sun Tzu as you can get. Why would you engage in conflict it it was symmetric? That is why peer competitors rarely are aggressors towards each other.

The technical dimension or "cyber" expertise adds another dimension to the conflict spectrum of cyber. This technical dimension is also an element in the semantic layer of the cyber warfare domain. Of course that is if you take a multidimensional approach to cyber and don't try and smash it in with big war analogies and such. This also requires a spectrum approach rather than "silo" approach to cyber.

Cyber is kinetic. Stuxnet isn't only the proof, but dozens and dozens of other examples exist in the SCADA realm. Stuxnet is actually proof that "all ur air gaps belong to us". That is what is cool about Stuxnet.

As to attribution? Yes another fallacy. The best logic breaker on this one though is from other areas of forensics. How long does a full DNA screen take in a competent forensically sound manner? Weeks? At least days? How long does it take to do computer forensics on an attack? Weeks? At least day? But, the Internet is anonymous? <bs> It is only that way to a very few people, and you can detect those kinds of attacks too.

So. Three myths? I don't know if they are myths or just simple misunderstood. They may have had a bad childhood.

The point about the "OODA" loop is kind of out of left field. The OODA loop is nothing more than another explanatory model for the decision cycle. Decision sciences is filled with them, (SPA- search predict act; IPDE - identify, predict, decide, execute). The 1950s were rife with them as ways of managing risk or industrializing management processes. OODA isn't really anything special just something most military folks understand. So seeing "This isn't an OODA loop" has me fussy.

WASHINGTON—The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.
The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country's military.

Read more: http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html#i xzz1NxpKALeP

I keep asking and it never gets an answer:

What does "cyber" mean?

If cyberspace is a domain, then we should be able to describe cogently what is meant by a cyber (sic) "war".

Wouldn't "cyber-style" attack (absent any other useful definition) be the tipper that leads to a response decision, vice a whole "war"?

I keep asking and it never gets an answer:

What does "cyber" mean?

If cyberspace is a domain, then we should be able to describe cogently what is meant by a cyber (sic) "war".

Wouldn't "cyber-style" attack (absent any other useful definition) be the tipper that leads to a response decision, vice a whole "war"?

Cyber literally means command and control. Less literally the domain in which all of that happens. Now describe sea without self referencing it or using a synonym.

Cyber literally means command and control. Less literally the domain in which all of that happens. Now describe sea without self referencing it or using a synonym.

No. Command and Control means "command and control". Otherwise the Air Force wouldn't have changed all their Comms folks into "Cyber Warriors".

Seriously? Literally means? Where is the "literal" part?

It's not called "the sea". It's called the "maritime domain" which is defined in JP 1-02 as "The oceans, seas, bays, estuaries, islands, coastal areas, and the
airspace above these, including the littorals."

And that is both "littoral" and "literal".

Again, without a cogent definition of "cyber" this is a moot exercise.

I know...broken record....but just putting a word in front of another doesn't not necessarily modify.

As a non-expert who can barely handle basic HTML I understand cyberwarfare to entail attacks upon networked resources via the use of networked resources (which is to say that blowing up a server room would not count as cyberwarfare).

Again, without a cogent definition of "cyber" this is a moot exercise.

I know...broken record....but just putting a word in front of another doesn't not necessarily modify.

Aitel's project here is getting towards that definition.

Of course cyber war is asymmetric. If you put "cyber" and "war" together than cyber is the modifier of war. War is inherently asymmetric otherwise it is a stalemate. That is as Clausewitz, Sun Tzu as you can get. Why would you engage in conflict it it was symmetric? That is why peer competitors rarely are aggressors towards each other.

Still processing the other bits of your post, but from what I gathered, Aitel is arguing that attacking or gaining access to computers is wrongly considered to be "asymmetric" in the same way, say, a ASBM being launched against a carrier is--that is, a "cheap" system of tactics/weapons used against an "expensive" system. Instead, there are these massively expensive parts of the cyberwar picture that are getting overlooked in "maintenance" and "analysis."

What's the differance, if any, between "cyber"-warfare and old fashiooned Electronic Warfare? Isn't "cyber" warfare merely an extension of electronic warfare using an examded medium/technological base?

Sorry, don't really go in for neologisms unless they're absolutley necessary.

Of course cyber war is asymmetric. If you put "cyber" and "war" together than cyber is the modifier of war. War is inherently asymmetric otherwise it is a stalemate. That is as Clausewitz, Sun Tzu as you can get. Why would you engage in conflict it it was symmetric? That is why peer competitors rarely are aggressors towards each other.
You're taking it a little too broadly. Yes, any conflict can, in some form, be described as "asymmetric", but given that, it's a simple matter and common practice to select for conflicts which are more extreme in their asymmetry. Your statement is comparable to saying that it's pointless to describe any person as "tall", because all people are taller than ants. Within the range of asymmetry that can be seen in warfare, some types of warfare are more asymmetric than others, and those are the ones we call "asymmetric warfare".


As a non-expert who can barely handle basic HTML I understand cyberwarfare to entail attacks upon networked resources via the use of networked resources (which is to say that blowing up a server room would not count as cyberwarfare).
I'm not the one to ask for a precise definition, but I'd say blowing up a server room could count as cyberwarfare. It depends on why you did it. If you blow up the room to kill the guy in it, maybe it's not really cyberwarfare; if you did it to take down the network the room serves, maybe it is. If you blow up the room to kill the IT techs who are preventing you from infiltrating your target network... maybe that counts too. I'm not sure it's actually all that necessary to strictly define what cyberwarfare means; as the practice grows, it will be integrated more completely into other forms of warfare (and other forms of warfare will be integrated into it).

I'm not the one to ask for a precise definition, but I'd say blowing up a server room could count as cyberwarfare. It depends on why you did it. If you blow up the room to kill the guy in it, maybe it's not really cyberwarfare; if you did it to take down the network the room serves, maybe it is. If you blow up the room to kill the IT techs who are preventing you from infiltrating your target network... maybe that counts too. I'm not sure it's actually all that necessary to strictly define what cyberwarfare means; as the practice grows, it will be integrated more completely into other forms of warfare (and other forms of warfare will be integrated into it).

Is a commando sent to raid an airfield sent to do aerial warfare? Does it matter if a jump and/or forward air control is involved? However someone might answer those questions—and it would not surprise me if a body of literature debating such questions exists as I have seen much critical ink spilled in academia over less interesting questions—the fact would remain that without a thing called aerial warfare there would be no such thing as a raid on an airfield.

Is a commando sent to raid an airfield sent to do aerial warfare? Does it matter if a jump and/or forward air control is involved? However someone might answer those questions—and it would not surprise me if a body of literature debating such questions exists as I have seen much critical ink spilled in academia over less interesting questions—the fact would remain that without a thing called aerial warfare there would be no such thing as a raid on an airfield.

Lets bear in mind...although there is an "air domain" both the maritime and land domains do claim a portion of the air above them for their operations as well. Further, there is almost always "inter-domain" operations, especially once you are considering actions beyond the most tactical level. So the example above does not really track with the question at hand.

(On a humorous side note: an AF Space officer, when asked where the air domain ends and space domain begins, replied, "when your air-breathing engine stops working, you're in space".

What's the differance, if any, between "cyber"-warfare and old fashiooned Electronic Warfare? Isn't "cyber" warfare merely an extension of electronic warfare using an examded medium/technological base?

Sorry, don't really go in for neologisms unless they're absolutley necessary.

Up until cyberspace was declared a separate domain, the answer was "nothing". "Cyber" was covered under "Computer Network Operations" part of IO doctrine. The designation of this domain has truly disrupted many things; things that were really not thought through before such designation was made.

Aitel's project here is getting towards that definition.

Until it's in JP 1-02 and explained via a stand alone Joint Pub (e.g. JP 3-12), it would be just another opinion, however well researched.

Right now, JP 1-02 does not even fully recognize cyberspace as a warfighting domain. I just looked at the just released JP 1-02..it ain't in there. However there is a term called "full spectrum superiority" that makes a pretty interesting distinction (emphasis added):


full-spectrum superiority — The cumulative effect of dominance in the air, land, maritime, and space domains and information environment that permits the conduct of joint operations without effective opposition or prohibitive interference.

1. Cyberwar is asymmetric.
2. Cyberwar is non-kinetic.
3. Cyberwar is not attributable.

All "asymmetry" means is not taking on an adversary they way that adversary battles you. If you saw the movie "Tin Cup", the protagonist challenges an opponent to a golf round using only garden tools. Was it a "war"? Yes. Was asymmetry applied? Yes. The effects desired were achieved. It could easily be argued that the protagonist entered the contest at equal or greater skill. But rather than contest the ground (so to speak) with traditional "weapons" he used irregular ones.

Kinetic/non-kinetic; Lethal/Non-lethal are all going to blur as more things from which kinetics and lethality derive are computerized, have an IP address, or are controlled remotely using portions of the electromagnetic spectrum.

Attribution will come more from the will to say who than the ability to discover who. If a bunch of "religious extremists" plan, resource, and conduct their ops from a country (say, Outer Slabovia), there is usually no difficulty declaring that country a "state sponsor of terrorism". Yet if that same bunch were to conduct hacking and what not from IP addresses emanating from that same country, all manner of contortions are done to say it is "unattributed".

A mentor of mine sent this to me and I thought it was worth sharing...just to keep things in perspective...

It's War!

http://www.youtube.com/watch?v=yyeKYQdYISg

The point about the "OODA" loop is kind of out of left field. The OODA loop is nothing more than another explanatory model for the decision cycle. Decision sciences is filled with them, (SPA- search predict act; IPDE - identify, predict, decide, execute). The 1950s were rife with them as ways of managing risk or industrializing management processes. OODA isn't really anything special just something most military folks understand. So seeing "This isn't an OODA loop" has me fussy.

Yeah, I agree. I'd like to hear more on what he is getting at there.


Until it's in JP 1-02 and explained via a stand alone Joint Pub (e.g. JP 3-12), it would be just another opinion, however well researched.

Right now, JP 1-02 does not even fully recognize cyberspace as a warfighting domain. I just looked at the just released JP 1-02..it ain't in there. However there is a term called "full spectrum superiority" that makes a pretty interesting distinction (emphasis added):

Why wait for the definition to get reified in doctrine? It's not like doctrine will end the debate anyway; did FM3-24 put "COIN" as theory and practice to rest? My interest is in out-of-the-box thinking on that thing (some of which is new, some of which is old as dirt) that people call "cyberwar." DoD shouldn't be held up as the ultimate arbiter here, because frankly they may not have it right. It wouldn't be the first time, would it?


All "asymmetry" means is not taking on an adversary they way that adversary battles you. If you saw the movie "Tin Cup", the protagonist challenges an opponent to a golf round using only garden tools. Was it a "war"? Yes. Was asymmetry applied? Yes. The effects desired were achieved. It could easily be argued that the protagonist entered the contest at equal or greater skill. But rather than contest the ground (so to speak) with traditional "weapons" he used irregular ones.

I don't disagree with this characterization of asymmetry, but what really interests me is how Aitel characterizes cyberwar as less asymmetric then it is popularly conceived. He is challenging the notion that cyberwar, according to Rand and others, is "more asymmetric than most." Here's the quote from Cyberdeterrence and Cyberwar (PDF) (http://www.rand.org/pubs/monographs/2009/RAND_MG877.pdf):


Perfectly symmetric warfare does not exist, particularly when the United States is involved. Yet cyberwarfare may be asymmetric than most. The U.S. economy and society are heavily networked; so is its military. The attacker, by contrast, may have no targets of consequence, either because it is not particularly digitized, because its digital assets are not networked to the outside world, or because such assets are not terribly important to its government.

I don't know if I agree with Aitel's view or Libicki's. Are you saying that both Aitel and Libicki have it wrong here? Are you saying something different entirely?

It seems like most people agree with #2 and #3 as being fallacies, but they don't agree with #1.

What's the differance, if any, between "cyber"-warfare and old fashiooned Electronic Warfare? Isn't "cyber" warfare merely an extension of electronic warfare using an examded medium/technological base?

Sorry, don't really go in for neologisms unless they're absolutley necessary.
A case could be made for that, though I do think there are substantial differences between electronic warfare and what is generally referred to as cyberwarfare (currently, at least; the technologies will eventually grow together). Someone who is recognized as an electronic warfare specialist might very well be completely lost when it comes to defending against or conducting a cyberwarfare attack. There is a lot of overlap--encryption being the main shared set--but there's still a technology gap. E-war can be conducted with equipment half a century old, for one thing.

On the other hand, "cyberwar" is such a ridiculous gee-whiz term; I've always hated it.

Lets bear in mind...although there is an "air domain" both the maritime and land domains do claim a portion of the air above them for their operations as well. Further, there is almost always "inter-domain" operations, especially once you are considering actions beyond the most tactical level. So the example above does not really track with the question at hand.

(On a humorous side note: an AF Space officer, when asked where the air domain ends and space domain begins, replied, "when your air-breathing engine stops working, you're in space".

It strikes me that maritime, air, and space domains all have a location attribute—they can be identified using a Cartesian coordinate system. One useful question might be, “Is cyberspace not a domain because it lacks a location attribute or is cyberspace unique as a domain in its lack of location attribute?”*

*The infrastructure necessary for the existence of cyberspace can of course be put on a grid but the space in cyberspace is just a metaphor (https://secure.wikimedia.org/wikipedia/en/wiki/Cyberspace#Metaphorical), and a not very felicitous metaphor as far as I am concerned.

On the other hand, "cyberwar" is such a ridiculous gee-whiz term; I've always hated it.

Hate it or not it has been with us a long time. One of the issues I still see, as in this thread, is an attempt to restrict cyber to the network (whatever that is), and ignore the broader implications.

*The infrastructure necessary for the existence of cyberspace can of course be put on a grid but the space in cyberspace is just a metaphor (https://secure.wikimedia.org/wikipedia/en/wiki/Cyberspace#Metaphorical), and a not very felicitous metaphor as far as I am concerned.

That definition is the result of highly inherent biases towards the technological attributes and forgetting the entirety of the scope of cyberspace. Gibson was looking for a lyrical bent when he said cyberspace was a common delusion. He was right when you think of it as cognitive as well as technological. Elements of many different areas make up the tools we interact with the terrain of cyberspace. Much like any other terrain.

The idea of cyberspace is far from new. The man-machine interface predates the modern computer. Norbert Wiener wrote cybernetics back in the late 50s. That discussion after about a decade devolved into a metaphysical discussion which simply couldn't withstand the Popperian/empiricist politics of the time. I'm afraid cyberspace will likely go that way within the next decade.

A mentor of mine sent this to me and I thought it was worth sharing...just to keep things in perspective...

It's War!


Quid Pro Quo, Clarice... (http://www.youtube.com/watch?v=UAeqVGP-GPM)

Dave said this on his mailing list, & I thought it was pretty good although his examples weren't quite as hot. I wanted to pass it on because when I read it I thought of you rogues.


So what is a weapon of mass disruption? I would say one feature of Cyber is that it DIRECTLY attacks things that can only be indirectly attacked by other measures.

I'd use Stuxnet as an example of that, & then in something of a narrative slide, the HB Gary hacks, & then Dave's examples:
One, easy to see example, is political parties. Obama's campaign got hacked in 2008. Palin's mailspools leaked in 2008. No one seemed to care about either other than for the lulz..

The Stuxnet hacks were semi-kinetic, which is why I think they're a useful example.

Not a YouTube item, but a story that made me wonder:http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/8553366/MI6-attacks-al-Qaeda-in-Operation-Cupcake.html

Not really cupcakes, but computer code;
..When followers tried to download the 67-page colour magazine, instead of instructions about how to “Make a bomb in the Kitchen of your Mom” by “The AQ Chef” they were greeted with garbled computer code.

Lookout Main Street Cupcakes in Hudson, Ohio. has someone told DHS?:rolleyes:

Dave said this on his mailing list, & I thought it was pretty good although his examples weren't quite as hot. I wanted to pass it on because when I read it I thought of you rogues.



I'd use Stuxnet as an example of that, & then in something of a narrative slide, the HB Gary hacks, & then Dave's examples:

The Stuxnet hacks were semi-kinetic, which is why I think they're a useful example.

Solar Sunrise is a great example of mass disruption of a nation state by a hacker. See the youtube video (http://www.youtube.com/watch?v=bOr5CtqYnsA) for how to stop a war.

The best kinetic example I know of to date is the 1982 is the Russian pipeline explosion (http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage) was purposeful software exploitation.

That's one of the issues with network centric views of cyber. It ignores vast areas of cyberspace and the techno centric societies vulnerabilities. Up-supply-chain hacking is just now getting press or noticed. Yet it is a perfectly valid (and validated) method of attacking technology.

It does not matter what one believes or knows when it comes to declaring such an act to be "war"; what matters is what one can prove.

This is the new reality of the modern age, individuals can commit grievous crimes and states can commit acts of war....and what can the targeted party do in response???

Wage war against Afghanistan and Iraq when one is attacked by men from Saudi Arabia who launched their attack from within the US??? That would be crazy.

States have a challenge on their hands. States still believe that they have "monopolies" on things like "violence" or even "governance." Reality is that arguably states really don't have a monopoly on anything anymore, and any efforts to enforce such fictitious monopolies are sure to end in frustration.

An end of state monopolies does not, however, mean an end of states, but it does mean the "market" for influence and power is evolving; who has the power, how power is applied, etc.

The end of Standard Oil's monopoly did not mean the end of massive oil companies. The end of Ma Bell's monopoly did not mean the end of massive communications companies. But there was a natural evolution.

So too is governance as we know it, and what makes a "state", undergoing evolution as well. The sooner we recognize and embrace the trends, the sooner states get back on track at being the go-to answer.

How people identify is evolving. We all identify at multiple levels, but which of those identity levels is one willing to die for? For your family? Your religion? Your state? Perhaps some internal group that challenges your state? Or perhaps some external group that extends across multiple states?

Cyber is just a domain that has become active. Far more interesting is how activity within that domain changes the rules of the game. To wage war against things we don't like but cannot control within that domain is playing by a rule book that no longer apples. What are the new rules? I don't know. No one does.

States have a challenge on their hands. States still believe that they have "monopolies" on things like "violence" or even "governance." Reality is that arguably states really don't have a monopoly on anything anymore, and any efforts to enforce such fictitious monopolies are sure to end in frustration.

States are doing it to themselves! They are creating the very crisis they are trying to avoid. Here is a quote by Dr. Paul Craig Roberts (under Sec. of Treas. during Pres. Reagan) hardly what you would call a lefty liberal.


The United States is the first country in history to destroy the prospects and living standards of its own working people." It is the "market..

Globalization that is driving most of it.

Hate it or not it has been with us a long time. One of the issues I still see, as in this thread, is an attempt to restrict cyber to the network (whatever that is), and ignore the broader implications.

It's been with us because the zealots want to have it both ways..use "cyber" in a sentence and feel manly by saying "war"... :D

Why wait for the definition to get reified in doctrine? It's not like doctrine will end the debate anyway; did FM3-24 put "COIN" as theory and practice to rest? My interest is in out-of-the-box thinking on that thing (some of which is new, some of which is old as dirt) that people call "cyberwar." DoD shouldn't be held up as the ultimate arbiter here, because frankly they may not have it right. It wouldn't be the first time, would it

You can't think "outside the box" if you don't know where the box is. You need doctrine if for no other reason than to have either a point of departure or something to ignore.

Also, for the less informed, without a doctrinal basis it is difficult to budget for capabilities.

We are held up/held hostage by the zealots who insist on cyberspace as a separate domain, rather than capabilities and/or a dimension within the existing physical domains. When you change verbs to nouns (i.e "conducting cyberspace ops/CNO" -verb to "cyberspace is a domain - noun), you need doctrine to justify budget line items. Nature of the beast folks.

That's why DOD is properly resourced and DHS/State are not so much so.

It strikes me that maritime, air, and space domains all have a location attribute—they can be identified using a Cartesian coordinate system. One useful question might be, “Is cyberspace not a domain because it lacks a location attribute or is cyberspace unique as a domain in its lack of location attribute?”*

*The infrastructure necessary for the existence of cyberspace can of course be put on a grid but the space in cyberspace is just a metaphor (https://secure.wikimedia.org/wikipedia/en/wiki/Cyberspace#Metaphorical), and a not very felicitous metaphor as far as I am concerned.

If cyberspace isn't a "place" then where are we fighting? This global commons/contested commons argument loses some steam when you remember that nation-states do regulate use of the electromagnetic spectrum. So there already is some idea of sovereignty, and it is in the context of the existing (physical) domains. Even via space, sovereignty is established via the orbiting platforms. Also, SATCOM transmissions cannot "land" without "landing rights". So the case for this new, unique "domain" is hardly concrete.

If cyberspace isn't a "place" then where are we fighting?

Maybe an office suite in Guangzhou, maybe a hotel in Odessa, maybe an apartment in Lagos. There is ultimately a physicality to be reckoned with. The EMS is in the physical world; where is “the” cyberspace?

I would say cyberspace is unique due to its lack of a location attribute. Dismissing cyberspace as a domain makes it difficult to operate effectively because minor actions, in terms of physicality (intrusion into one server for only a few minutes, say) can have major ramifications. As a domain, cyberspace possesses points of vulnerability that simply don't appear on the maps of any other domain.

Maybe an office suite in Guangzhou, maybe a hotel in Odessa, maybe an apartment in Lagos. There is ultimately a physicality to be reckoned with. The EMS is in the physical world; where is “the” cyberspace?

So, all you've done is say, that cyberspace operations are another dimension of the physical domains. Using your thought process, if I shoot an ICBM, the missle is the "domain" that just happens to depart a silo on land and impact a land/sea target elsewhere.

I'm not saying cyberspace is NOT a domain - academically it certainly is; that horse has left the barn. But as a "warfighting" domain, it is really not described in a way that distinguishes it from the physical domains.

This is probably the most interesting "fallacy" of cyberwar - if for no other reason than because it is the most counter-intuitive.

You get hilarity such as the following: From the CNAS report http://www.cnas.org/node/6405) volume 1 page 30:


In addition to a favorable cost ratio, attackers also possess advantages in the required levels of effort and complexity. According to the Defense Advanced Research Project Agency (DARPA), the number of lines of code included in security software increased from several thousand 20 years ago to nearly 10 million today. Over the same period, the number of lines of code included in malware remained constant at approximately 125. In other words, cyber defenses have grown exponentially in effort and complexity, but they continue to be defeated by offenses that require far less investment by the attacker.

These are things that can't possibly be true, of course, but they sound good when said to Congress!

People look at LulzSec and see an asymmetric operation - but small hacker groups are essentially resource peers with the organizations they take on (imho).

-dave

Referring to an earlier post:
I don't disagree with this characterization of asymmetry, but what really interests me is how Aitel characterizes cyberwar as less asymmetric then it is popularly conceived. He is challenging the notion that cyberwar, according to Rand and others, is "more asymmetric than most.

Here's the quote from Cyberdeterrence and Cyberwar (PDF) (http://www.rand.org/pubs/monographs/2009/RAND_MG877.pdf):


I don't know if I agree with Aitel's view or Libicki's. Are you saying that both Aitel and Libicki have it wrong here? Are you saying something different entirely?

It seems like most people agree with #2 and #3 as being fallacies, but they don't agree with #1.

You can't think "outside the box" if you don't know where the box is. You need doctrine if for no other reason than to have either a point of departure or something to ignore.

Also, for the less informed, without a doctrinal basis it is difficult to budget for capabilities.

Within the limited purview of DoD, I don't disagree with either of these points. However, the larger conversation on this started long, long ago and isn't waiting for DoD to release some publication on it. My view is that we should get out in front with the non-DoD, non-government folks.


We are held up/held hostage by the zealots who insist on cyberspace as a separate domain, rather than capabilities and/or a dimension within the existing physical domains. When you change verbs to nouns (i.e "conducting cyberspace ops/CNO" -verb to "cyberspace is a domain - noun), you need doctrine to justify budget line items. Nature of the beast folks.

That's why DOD is properly resourced and DHS/State are not so much so.

I do agree that cyberspace as a separate domain, perhaps, misdirects the focus of what we are discussing. After all, when someone writes an exploit or takes advantage of some misconfiguration in a network to gain or deny access, they are attacking humans and human processe ultimately. The medium--a wireless network, an embedded device, whatever--is inconsequential.

Where I think the distinction is useful is in the cultural differences of practitioners. Plus, there has been a proliferation of new technologies (either in outright invention or creation of 'mash-ups') that are worth flagging with a new term.


It's been with us because the zealots want to have it both ways..use "cyber" in a sentence and feel manly by saying "war"... :D

Who in this thread is handing out valor awards to "cyberwarriors"? You're setting up a silly strawman here.

Within the limited purview of DoD, I don't disagree with either of these points. However, the larger conversation on this started long, long ago and isn't waiting for DoD to release some publication on it. My view is that we should get out in front with the non-DoD, non-government folks.


Very true. But, there are a lot of concrete thinkers who can't figure that out.

Gents: we need some intellectual honesty and parameters in this debate.

Are we talking about this topic in broad and academic terms, unconstrained by actual policy? Clearly two correspondents here are not focused on the processes by which the DOD funds it's operations, and therefore how DOD can posture itself to operate in this new realm.

It is cute and smarmy to rail against "concrete thinkers" when the subject of doctrine is raised. And, if correspondents are not actually responsible for implementing policy, it is easy to claim to have the answers.

Want to know why the non-DOD interagency is handcuffed? They don't have anything akin to "doctrine" and therefore no way to justify the capabilities it requires to operate in the cyberspace domain. Consequently, they are unfunded or woefully underfunded.

Private concerns or other Nation-States may not use the term "doctrine" but they have something like it that helps them establish parameters for what they want to be able to do, how they want to operate in cyberspace, how they will defend and, if such is in their interest, how to conduct offensive operations.

It is cute and smarmy to rail against "concrete thinkers" when the subject of doctrine is raised.

Cute and smarmy in the same sentence? Put a fork in me I'm done.

Maybe an office suite in Guangzhou, maybe a hotel in Odessa, maybe an apartment in Lagos. There is ultimately a physicality to be reckoned with. The EMS is in the physical world; where is “the” cyberspace?

I can put myself any of those places, and all of them if I want to. In fact being lost in some digital rats nest is something of an advantage to anyone doing it.

I wonder if the Pentagon's formal cyber strategy will articulate a threshold for when attacks on private sector resources become a national security issue. The recent attack on RSA SecurID tokens is going to come with one hell of a price tag when all is said and done. (http://www.bloomberg.com/news/2011-06-08/emc-s-rsa-security-breach-may-cost-bank-customers-100-million.html) But aside from the cost the impressive thing is the sheer reach. Multiple industries, tens of millions of employees and customers, and the daunting physical reality of possibly having to replace 30 to 40 million SecurID tokens. Even replacing 5% of the tokens in circulation will take some time. Money quote from the end of the article:


"Ullrich said the attack “was definitely state-sponsored” espionage because the scheme was so sophisticated."

This ought to be interesting -


WASHINGTON — The International Monetary Fund, still struggling to find a new leader after the arrest of its managing director last month in New York, was hit recently by what computer experts describe as a large and sophisticated cyberattack whose dimensions are still unknown.

The fund, which manages financial crises around the world and is the repository of highly confidential information about the fiscal condition of many nations, told its staff and its board of directors about the attack on Wednesday. But it did not make a public announcement.

http://www.nytimes.com/2011/06/12/world/12imf.html?_r=1

It seems unlikely with the technology I am aware of that combat will come about as a result of a cyber attack. It is just too easy to cover your tracks. For some time I expect serious attention will be payed to making tracing of attackers a surer thing. Until that time good old fashion spy work and a lot of our own hacking will be the way to find perpetrators and barring that leaving tasty little poison pills around to go after the perpetrators information and infrastructure seems likely. The only problem with that is that the bad guys eventually have your poison pill codes and can use it against you on less defended portions of your information structure. We need computers and networks designed from the ground up with security in mind and independent networks that are not connected to the internet for critical infrastructure.

Perhaps there is already technology that can catch the perpetrators of cyber warfare with their hand in the cookie jar. The fact that we are considering this an act of war may suggest it already exists.

Did I make Dr. Evil finger-quotey motions when I said "interesting"?


Hackers who broke into the International Monetary Fund's computer system may have been backed by a nation state, according to security experts.

They point to the sophisticated nature of the attack and the resources needed to develop it.

Malicious software, designed to steal confidential files, was installed on at least one IMF computer.

http://www.bbc.co.uk/news/technology-13748488

Derp.


US officials said they have ordered a security review after hackers managed to break into the Senate website at the weekend.

An official said the incident had been "inconvenient", but had not compromised the security of the staff.

The confirmation came after Lulz Security, a loosely aligned group of hackers, said it had carried out the attack for fun and posted files online.

Lulz has previously targeted Sony, Nintendo and Fox News.

http://www.bbc.co.uk/news/world-us-canada-13758361

If there is widespread Chinese hacking of sensitive U.S. networks and critical infrastructure, what has the administration said about it to the Chinese government? Specifically, did President Obama raise concerns about these attacks with Chinese President Hu Jintao at the White House this spring?

Since defensive measures such as antivirus software and firewalls appear unable to stop the Chinese penetrations, does the administration have any plan to address these cyberattacks?

In private, U.S. officials admit that the government has no strategy to stop the Chinese cyberassault. Rather than defending American companies, the Pentagon seems focused on "active defense," by which it means offense. That cyberoffense might be employed if China were ever to launch a massive cyberwar on the U.S. But in the daily guerrilla cyberwar with China, our government is engaged in defending only its own networks. It is failing in its responsibility to protect the rest of America from Chinese cyberattack.

http://online.wsj.com/article/SB10001424052702304259304576373391101828876.html?m od=googlenews_wsj

WASHINGTON (AP) - President Barack Obama has signed executive orders that lay out how far military commanders around the globe can go in using cyberattacks and other computer-based operations against enemies and as part of routine espionage in other countries.

The orders detail when the military must seek presidential approval for a specific cyber assault on an enemy and weave cyber capabilities into U.S. war fighting strategy, defense officials and cyber security experts told The Associated Press.

Signed more than a month ago, the orders cap a two-year Pentagon effort to draft U.S. rules of the road for cyber warfare, and come as the U.S. begins to work with allies on global ground rules.

The guidelines are much like those that govern the use of other weapons of war, from nuclear bombs to missiles to secret surveillance, the officials said.

http://apnews.myway.com/article/20110622/D9O0SERG0.html

Should We Fire the First Shot in a Cyberwar?
Defending against an attack is so hard that some think a stronger offense is required.
http://m.technologyreview.com/web/39315/

Should We Fire the First Shot in a Cyberwar?
Defending against an attack is so hard that some think a stronger offense is required.
http://m.technologyreview.com/web/39315/

Defense and Offense are different and simultaneous. Parallel, but interlocked efforts. That is probably what makes this a unique warfighting domain.

China-Based Hacking of 760 Companies Shows Cyber Cold War

Google Inc. (GOOG) and Intel Corp. (INTC) were logical targets for China-based hackers, given the solid-gold intellectual property data stored in their computers. An attack by cyber spies on iBahn, a provider of Internet services to hotels, takes some explaining.

http://mobile.bloomberg.com/news/2011-12-13/china-based-hacking-of-760-companies-reflects-undeclared-global-cyber-war

Like any of the other domains cyber has different roles that inherently suggest capabilities and also responsibilities. If you accept cyber as a defacto domain.

Computer Network Attack, Defense, and Operations are elements of nation state capability to wage war and control communications and control mechanisms.

Information (assurance) and security is about users, corporations, and non-military governmental entities protecting their information assets.

This is not an equivocation, but a realization that not all attacks rise to the level of war, and that not all capabilities are about making war. We have police forces for taking care of crime, but militaries for taking care of similar actions/behaviors that carry quite different consequences. Not all nations separate these powers, but almost all nations realize the difference when talking about terrestrial or the sea.

So hacking, low level noise, and other inelegant descriptions of the noise in a borderless cyber world is not necessarily war. No matter what people call it. It may be criminal, it may be inconvenient, but it is not war. Similarly defense by a military entity is not the same as defense by a non-military entity. Further, the element of defense in hostile operations environments will be significantly different the element of defense in normal operations.

Unfortunately such subtleties aren't in vogue or considered by the main stream media.

Chinese hackers deface Bloomberg 'capitalist roader' editorial section, produce non-alarmist article; cyberpocalypse slouches closer:


View: Corporate America Must Fight, and Live With, China Hackers

Chinese hackers have redefined the concept of room service: In one recent attack, they infiltrated an Internet service provider to some of the world’s leading hotels, potentially gaining access to millions of confidential messages of traveling executives, as well as to the victims’ corporate networks.

[...]

Of course, industrial espionage has been a fixture of the economic landscape for centuries. Americans have a rich history of pilfering ideas from abroad, beginning with the theft of spinning and weaving technology from the British. So one proper response to today’s techno-thieves -- be they Chinese, Russian, French, German or Israeli -- is for American companies to embrace the threat as a fact of life and step up their own vigilance, especially when their executives travel overseas.

[...]

Finally, we need to treat the threat of Chinese cyber- espionage, real as it is, in a sober, nuanced manner. Sometimes, U.S. cyber warriors talk of China in language that sounds like it comes from an old Fu Manchu movie. China isn’t a monolith: the Ministry of Foreign Affairs, the Ministry of State Security and the People’s Liberation Army -- not to mention an army of rogue hackers -- all behave very differently.

Many Chinese recognize that China and the U.S. share a common interest in ensuring the protection of intellectual property, that foreign companies will not continue to invest in a country that is stealing their crown jewels, and that China stands to lose from undermining an economy in which it has invested hundreds of billions of dollars.

View: Corporate America Must Fight, and Live With, China Hackers (http://www.bloomberg.com/news/2011-12-16/corporate-america-must-fight-and-learn-to-live-with-china-hackers-view.html) - Bloomberg - Dec 16, 2011.
...

Also hacked; Council of Foreign Relations (paper tiger dept.) becomes 'PLA mouthpiece', cybergeddon looms:


Can You Hear Me Now? The U.S. Sends China a Message on Cyber Espionage

[...]

Whatever happens next, we are clearly only at the beginning. Claiming specific individuals and groups are behind the attacks is an important step forward, but where this all ends will ultimately depend on politics—how important cyber threats are compared to all the other issues in the U.S.-Sino relationship.

Can You Hear Me Now? The U.S. Sends China a Message on Cyber Espionage (http://blogs.cfr.org/asia/2011/12/13/can-you-hear-me-now-the-u-s-sends-china-a-message-on-cyber-espionage/) - Asia Unbound (CFR blog) - Dec 13, 2011.
...

Fah Lo Suee (http://www.marvunapp.com/Appendix/fahlosue.htm)

The United States Chamber of Commerce has confirmed Chinese hackers last year broke into internal networks.

The breach is, in some ways, a twist of fate for the Chamber. It has been one of the more vocal critics of cybersecurity legislation. In an internal draft document circulated earlier this year, the Chamber criticized the White House’s legislative proposals on cybersecurity as “regulatory overreach” and cautioned that “layering new regulations on critical infrastructure will harm public-private partnerships.”

http://bits.blogs.nytimes.com/2011/12/21/hacked-chamber-of-commerce-opposed-cybersecurity-law/

Adam G, I was beginning to think you'd hit the snooze button:).


China Hackers Hit U.S. Chamber
Attacks Breached Computer System of Business-Lobbying Group; Emails Stolen

A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.


Paranormal activity:


The Chamber continues to see suspicious activity, they say. A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China, they say, and, in March, a printer used by Chamber executives spontaneously started printing pages with Chinese characters.


Ends on a hopeful note:


"It's the new normal. I expect this to continue for the foreseeable future. I expect to be surprised again."


It's funny cos' it's Fu! (reader observation from WSJ article comment thread, p.10):


To be more succinct the Chinese are already at war with the free world and America just haven't accepted that these are really xenophobic nasty people who need to be quarantined from the civilized world.:(

China Hackers Hit U.S. Chamber (http://online.wsj.com/article/SB10001424052970204058404577110541568535300.html?m od=WSJ_hp_us_mostpop_read) - WSJ - Dec 21, 2011.

We are the Priests of the Temple of Syrinx:


Defending intellectual property in an internet age

SpaceX is in a race for its life with the Chinese. The US venture says it has $3bn in orders under its belt, making it one of the early leaders in the commercial space industry. But founder Elon Musk is under no illusions about the existential risk to his business: the Chinese path to success in the commercial space industry, he says, runs over his company’s dead body.

What should a company, or an entire industry, that finds itself in Chinese cross-hairs do? One response at SpaceX, Mr Musk says, has been to avoid seeking patent protection for the company’s most important technology.

[...]

That starts with a clear-eyed assessment of what technology is most the most vital. If businesses like SpaceX are not going to patent their best ideas, then they must go to great lengths to defend it. It should be stored on systems that are not connected to the internet, says Mr Anderson, with strict limits on who has access.

Greater accountability is also essential, both inside and outside. Protection of IP should be a clear senior executive responsibility. And shareholders and regulators have a part to play. More disclosure of hacking attacks is needed. Shareholders would also be reassured by explicit certification that their company’s crown jewels are secure.


Defending intellectual property in an internet age (http://www.ft.com/intl/cms/s/2/b156116a-2beb-11e1-98bc-00144feabdc0.html#axzz1hGCXf5Z1) - Financial Times - 21.12.11

2112 (http://www.youtube.com/watch?v=eEW2-k0EoyE)

Merry Christmas, Peace on Earth, Goodwill to All Humans (MC:PoEGaH):)

I'm a bit confused. How come normal espionage is just espionage, but cyber-espionage (against private entities!) somehow equals war?

I've been working on answering "WHY it's so easy to hack targets" It's way outside the lane of Small Wars but here is some link bait http://selil.com/archives/2880 of what I'm working on. Don't worry about all the other stuff the only thing that really matters is there are a whole lot of vulnerabilities with associated exploits (that will be zero days) that aren't even disclosed on any one day and that window moves through time. Only silly people say that Stuxnet had an unprecedented 4 zero days. On average 12 zero days are created every day.

Summary: Pishaw

I'm a bit confused. How come normal espionage is just espionage, but cyber-espionage (against private entities!) somehow equals war?

It's not, but electronic sabotage of commercial or government systems is just like normal sabotage quite an offence against a state.

I'm a bit confused. How come normal espionage is just espionage, but cyber-espionage (against private entities!) somehow equals war?

We need an answer to this if cyberspace is going to be credibly dubbed a "warfighting" domain.

A cybersecurity think tank has published a manual studying how international law applies to conflicts in cyberspace, where the laws of conventional warfare are more difficult to apply.

The manual comes from experts working with the Cooperative Cyber Defense Center of Excellence (CCDCOE), an institute based in Tallinn, Estonia, founded in 2008 that assists NATO with technical and legal issues associated with cyberwarfare-related issues.

The centre's 215-page study, the 'Tallinn Manual on the International Law Applicable to Cyber Warfare', is intended as a reference for legal advisers for government agencies. It examines existing international law that allows countries to legally use force against other nations, as well as laws governing the conduct of armed conflict.

http://news.techworld.com/security/3379202/cybersecurity-manual-examines-how-international-law-applies-cyberwarfare/

Given the recent manifesto by VADM's Card and Rogers in USNI Proceedings
("The Navy's Newest Warfighting Imperative") regarding the criticality of
cyberspace to the Navy's future, done in breathless metaphors to military
operations in the "other" domains, Dr. Libicki offers an important
"minority report" questioning the appropriateness of those metaphors, and
the overall philosophy behind our emerging doctrine for using cyberspace
(and information more generally) to relative advantage.

I think it unfortunate that this important essay languishes in a somewhat
obscure Law Journal, at least from the point of view of the military
audience that it could benefit. I think we are in danger of going down the
primrose path of wishful thinking we did with JV2010 in painting the
picture the good VADM's Proceedings article does about how to realize the
benefits and mitigate the risks associated with cyberspace, in terms of how
we deal with physical domains. The deja vu associated with the siren song
of "information dominance" harkens back to how the "fog of war" was going to
be lifted in JV2010 if only we interconnected everything and Metcalf's law
paid us the bonanza. Dr. Libicki makes a strong argument that leveraging
cyberspace may best be done on its own terms, and not through treating it
as another peg to be mashed into an ill-fitting doctrinal "domain" hole.

http://moritzlaw.osu.edu/students/groups/is/files/2012/02/4.Libicki.pdf

Hat tip to my colleague Bob Manke for bringing this to my attention.

http://www.guardian.co.uk/technology/2013/feb/23/mandiant-unit-61398-china-hacking?CMP=twt_gu


This is what Unit 61398 really represents: not just the ambitions of a stirring China, but the growing to maturity of a new ecosystem of warfare, espionage, activism and criminality. Last week a retired CIA director, Michael Hayden, compared it to the dawning of the atomic age at Hiroshima, saying: "This has the whiff of August 1945."

http://www.theatlantic.com/technology/archive/2013/05/will-digital-ethnic-cleansing-be-part-of-the-internets-future/276004/?google_editors_picks=true

Will 'Digital Ethnic Cleansing' Be Part of the Internet's Future?

Eric Schmidt, Jared Cohen, and Steve Clemons discuss the political limitations of the Internet.


And they might ultimately engage, Cohen continued, in a kind of "digital ethnic cleansing." Traditional legal and political checks on mass criminality have been developed within and for the physical world, he noted; in the digital, however, those checks are less developed. The web is simply too new. And you could imagine autocratic regimes or other communities taking advantage of that, creating a scenario in which one group finds a way to, for example, filter another group's content from the web. Or to shut down -- or severely slow down -- their Internet access. Or to infiltrate them with malware and/or orchestrate elaborate denial-of-service (DDoS) attacks. One group, in other words, could essentially annihilate the digital existence of another.


When people in the virtual community begin to misbehave, committing crimes that wouldn't be legal in the physical space, we currently have very few mechanisms for correction. As that reality plays out on the geopolitical stage, he said, you could have "this bizarre situation" in which, say, the U.S. and China have a generally good relationship in the physical world: cash flow, open communications, travel between the two countries, etc. And yet behind the scenes -- in the digital world -- those countries could be, effectively, waging war on each other through their digital infrastructure.

Their new book looks promising.

"The New Digital Age: Reshaping the Future of People, Nations and Business"

http://www.amazon.com/The-New-Digital-Age-Reshaping/dp/0307957136

Much of it is focused on the future of States, Terrorism, War, etc., and they don't paint a rosy picture.

Their new book looks promising.
"The New Digital Age: Reshaping the Future of People, Nations and Business"

Evgeny Morozov has become notorious for his takedowns of technology pundits and giants - he is the intellectual equivalent of a Mongol horde unleashed upon Silicon Valley. He gave no quarter Schmidt and Cohen in his review The New Digital Age:

Future Shlock - Meet the two-world hypothesis and its havoc (http://www.newrepublic.com/article/113272/eric-schmidt-and-jared-cohenthe-new-digital-ages-futurist-schlock), by Evgeny Morozov. New Republic, 27 May 2013.

Schmidt and Cohen are at their most shallow in their discussion of the radicalization of youth (which was Cohen’s bailiwick at the State Department before he discovered the glorified world of futurology). “Reaching disaffected youth through their mobile phones is the best possible goal we can have,” they announce, in the arrogant voice of technocrats, of corporate moguls who conflate the interests of their business with the interests of the world. Mobile phones! And who is “we”? Google? The United States?

The counter-radicalization strategy that Schmidt and Cohen proceed to articulate reads like a parody from The Onion. Apparently, the proper way to tame all those Yemeni kids angry about the drone strikes is to distract them with—ready?—cute cats on YouTube and Angry Birds on their phones. “The most potent antiradicalization strategy will focus on the new virtual space, providing young people with content-rich alternatives and distractions that keep them from pursuing extremism as a last resort,” write Cohen and Schmidt. For—since the technology industry

" produces video games, social networks, and mobile phones—it has perhaps the best understanding of how to distract young people of any sector, and kids are the very demographic being recruited by terror groups. The companies may not understand the nuances of radicalization or the differences between specific populations in key theaters like Yemen, Iraq, and Somalia, but they do understand young people and the toys they like to play with. Only when we have their attention can we hope to win their hearts and minds."

Note the substitution of terms here: “we” are no longer interested in creating a “sea of newly informed listeners” and providing the Yemeni kids with “facts.” Instead, “we” are trying to distract them with the kinds of trivia that Silicon Valley knows how to produce all too well. Unfortunately, Cohen and Schmidt do not discuss the story of Josh Begley, the NYU student who last year built an app that tracked American drone strikes and submitted it to Apple—only to see his app rejected. This little anecdote says more about the role of Silicon Valley in American foreign policy than all the futurology between the covers of this ridiculous book.

When someone writes a sentence that begins “if the causes of radicalization are similar everywhere,” you know that their understanding of politics is at best rudimentary. Do Cohen and Schmidt really believe that all these young people are alienated because they are simply misinformed? That their grievances can be cured with statistics? That “we” can just change this by finding the digital equivalent of “dropping propaganda flyers from an airplane”? That if we can just get those young people to talk to each other, they will figure it all out? “Outsiders don’t have to develop the content; they just need to create the space,” Schmidt and Cohen smugly remark. “Wire up the city, give people basic tools and they’ll do most of the work themselves.” Now it’s clear: the voice of the “we” is actually the voice of venture capital.
The whole review is just brutal.

Even if cybersecurity isn't a subject you think about a lot, the data breach of credit card information from and customers has probably increased your level of cyber-anxiety.

In Cybersecurity And Cyberwar: What Everyone Needs to Know, P.W. Singer looks at cybersecurity issues faced by the military, government, businesses and individuals, and what happens when you try to balance security with freedom of speech and the ideals of an open Internet.

http://www.npr.org/2014/01/14/262387292/what-everyone-needs-to-know-about-todays-cyberthreats

Michael N. Schmitt from the U.S. Naval War College does a lot of great work on cyber.