CYBERWAR – SECURITY ASPECTS OF FORCE AND WEAPON MANAGEMENT

Major General Grudi Angelov
Commandant of “G. S. Rakovski” National Defence College

Abstract: The publication addresses the impact of the Internet on globalization, driven by increased influence of networked computer systems on governance processes. Conceptual aspects of network operations are considered, and a classification of possible cyber attacks is presented. Specific features of actions inherent in cyberwar are summarized, and examples of the principles, mechanisms and tools used to provide the necessary cyberspace security internationally are presented.

Keywords: network-centric operations, cyber-crime, cyberwar, cyber-weapons, combat software.

The globalized world in which we live has made security issues, more acutely and urgently than ever before, a top priority in relations between countries. For all countries worldwide, it is essential to be able to rely on a secure cyberspace and on secure communication and information technologies, and to build their security on sustainable and reliable information services and related infrastructures.

The main reason for cyber-globalization is the Internet. The global network of more than two billion interconnected users has become one of the most powerful and effective tools for business, social contacts, culture, science and, last but not least, an environment for disseminating democratic ideas and organizing people in their efforts to achieve their aspirations for freedom. The pervasion of our lives by information technology naturally attracts crime, which with enviable adaptability uses these technologies as a tool for repression.

The number of web crimes is rapidly increasing. Computer viruses, network breakdowns and cybercrime can lead to significant financial losses, undermine confidence in online services, and cause serious damage to the economy. Here are some of the latest data published in a press release of the European Commission, “Cybersecurity today”:

Every day around 150,000 computer viruses are circulating and 148,000 computers are compromised.

According to the World Economic Forum, there is a 10 percent probability of a significant failure of critical information infrastructure over the next decade, which could cause damage of more than $250 billion.

Cybercrime causes a great many incidents in cyberspace: Symantec believes that cybercrime victims globally lose more than 290 billion euros each year, while according to a McAfee survey, cybercrime revenues are over 750 billion euros a year.

It is a well-known fact that modern technological advances are due to the rapid development of communication and information systems and their global application in all areas of life. And since technology has always been an important factor in the development of war, today we are witnessing changes in this area that have the potential to radically alter the character, the ways, and possibly the philosophy of military confrontation.

Some military analysts believe that even the most advanced technology would not bring about a radical change in the ways and means of waging war, but what unites them is the thesis that today we may be at the threshold of a revolution in warfare. The reason for this is the influence of internetworked computer systems on management processes. This is also the reason for the emergence of a new area of military confrontation defined as the “cyber space domain”. The trend of change is supported by the emergence in recent years of new doctrines and concepts presenting views on the use of forces and weapons as well as on the future of warfare.

The connection of computer systems with military purposes has developed in an evolutionary way: from building command and control (C2) systems, through integrated command, control, communication, computing and intelligence (C4I) systems, to developing and implementing the concept of network operations. All this is done by providing more information to the management system, reducing the management cycle time, increasing efficiency, and optimizing resource use in the actions of the forces. As a result, this information becomes a strategic resource that can be so valuable and influential as to be decisive for the outcome of the war.

Running counter to the outlined trend is the threat of influence on information in cyberspace, where management processes are implemented. If we take into account the dependence of modern forces and weapons on information, it is clear that cyber counter-action can also be defined as cyberwar.

Armed conflict in cyberspace, and above all in the global network, makes it possible to have an “armed” impact on any object having an address in that network, regardless of its physical attachment to an element of the network infrastructure. In this sense, the use of a unified network and information infrastructure for both global public and governmental needs in cyber conflict conditions is accompanied by difficulties in complying with the principles of International Humanitarian Law, such as the differentiation of civilians and soldiers, the ban on attacking non-combatants, the principle of proportionality, the principle of humanity, and others.

Military specialists unanimously state that communication and information technologies are not weapons in their own right from the point of view of international law. However, the malicious use of such technologies may cause harm that is very often commensurate with the use of traditional weapons and, in some cases, with weapons of mass destruction. From this point of view, the use of communication and information technologies can be seen as a serious threat to peace and security, which gives rise to the inalienable right of each state to self-defense within the meaning of the UN Charter.

As a result of the significantly increased role of communication and information technologies for the Armed Forces, it is possible to achieve specific objectives such as integration of actions, interaction between forces, comprehensive connectivity, information protection, management of own and attached forces, and non-hierarchical exchange of information. Achieving any one of these objectives alone cannot satisfy the requirements of command and control systems, which is one of the reasons for the emergence of the modern military theory of “network-centric” operations.

“Network-centric” operations are conducted in two stages:

  • During the first stage, high-impact strikes (air/space) are conducted throughout the enemy territory. At the same time, mass coordinated operations are carried out for electronic suppression and destruction of critical elements of governmental and military management systems, the economy, finance and the social sphere. Massive intelligence and psychological operations, as well as operations in computer networks, are also carried out in coordination.
  • The second stage involves a ground operation that begins when the objectives of the first stage are reached and the conduct of such an operation is deemed necessary.

Summing up the conceptual goals of the two phases, it can be concluded that the first stage of conducting “network-centric” operations is fundamental.

Operations in cyberspace allow remote destruction or partial incapacitation of critical elements of state and military management systems and of the life-support and public systems of society. Therefore, the effective conduct of such operations through appropriate tactics and strategies is a focus of attention for the leading military specialists who plan them.

Bearing in mind that cyberspace is a new and insufficiently researched environment for warfare, military experts have founded their analysis of this environment on three layers: physical (technical infrastructure and communications system), semantic (data) and syntactical (interaction protocols, data exchange).

Accordingly, the possible attacks on cyberspace are also classified as:

  1. physical layer attacks – physical destruction of the real communication and information infrastructure;
  2. semantic layer attacks – violation of integrity and correctness of data;
  3. syntax layer attacks – malicious software corruption and malfunctioning of system logic.

Even an in-depth analysis arrives at the obvious conclusion that attacks on the semantic and syntax layers are significantly more effective in terms of resources, organization, and implementation time. This is also the main reason why military experts view these parts of cyberspace as carriers of significant dangers and as a condition for developing new weapons and tactics for their use.

The main specific features inherent to actions defined as “cyberwar” are presented in the publication “Cyberdeterrence and Cyberwar” (RAND Corp., 2009). The author, Martin Libicki, states that:

  • cyberwar consists of targeted cyber-attacks that one organization carries out against another;
  • the cyber-attack is significantly less valuable than “cyber-restraint”;
  • the cyber-attack can be carried out from different locations that are difficult to identify with a particular subject.

A similar subject is addressed in the publication “Cyberwar: Concept, Status Quo, and Limitations” by the Safety Research Center in Zurich (2010), according to which four levels of cyber conflicts can be considered:

  • cyber vandalism;
  • cybercrimes;
  • cyber-spyware;
  • cyber terrorism and cyberwar.

Another author, Erez from Israel, considers four other levels of cyberwar in his publication “Cyber-terrorism – How Much of a Threat Is It?” (2006):

  • psychological attack – through propaganda, misinformation, attacks on government sites, etc.;
  • tactical attack on government agencies, banking, and others;
  • a combination of physical terrorist acts with cyberattacks on civilian and rescue services;
  • mega-attack – attacks to control state and military management, as well as taking over critical infrastructure elements.

A relatively new concept – hybrid war – is defined by military theorists as an act whose purpose is to separate parts of the territory of the opposing party or to inflict significant losses on it without the use of armed forces. Such wars are based on private military companies, which are non-governmental organizations but perform tasks for a particular state. One of the manifestations of hybrid war is cyberwar. As a rule, cyberwar accompanies all phases of a hybrid war, from the preparation to the achievement of the goals. Thus, each country is able to conduct a private cyberwar (in the framework of a hybrid war) that is not formally related to it, but is conducted in its own interests.

This circumstance implies a high degree of uncontrollability of such cyberwar. Moreover, these actions may be carried out against a particular state or corporation within the framework of a fully legitimate activity of the perpetrator.

Such actions are described too lightly in accessible publications. It should be noted that cyber weapons used in recent years have a global reach and a lightning-fast action without any preliminary indication of their use.

Since the end of the first decade of the 21st century, the term cyberwar has established itself as a concept of military action with features and means of combat.

Perhaps the most popular definition is given by Richard A. Clarke in “Cyberwar” (2010): “Cyberwar – this is the action of a country penetrating the computers or networks of another country to achieve goals that lead to loss or destruction”.

The term “cyberwar” implies actions that target not only military systems, but also systems which are vital to public infrastructure, and cyber-action technology is characterized by high speed and broad reach. Separating it as a stand-alone concept is in line with the specific tools, methods, strategies and tactics applied. Under hybrid warfare, some peculiarities of cyber-impact can be noted, namely:

  • high degree of anonymity;
  • an extreme difficulty in determining its origin;
  • the main type of weapon used is the so-called “combat” software, operating as a multitude of programs designed to penetrate different objects prior to commencement of an operation (the time of activation may be considered as the beginning of combat operations).

When carrying out cyber operations (part of a cyberwar), a tactic very often used to install “combat” software is to disguise it as common technical failures or mistakes made by the service staff. In addition, state security authorities generally “find it difficult” to detect sophisticated disguised programs, or do not find them at all. And last but not least, the potential lack of any “trace” of the existence or operation of such software maintains the high effectiveness of such a tactic.

Detecting and identifying manufacturers of such software outside state-controlled organizations is, at the present stage, one of the most complex and difficult problems to solve. On the other hand, the development of such software is easily within reach of small, well-funded groups.

Even a general review of the conditions under which cyber-operations (part of cyber-warfare) are carried out leads to the conclusion that cyber-operations are unique compared with other military actions, have great destructive potential, are easily conducted and are difficult to detect.

Logically, and in line with existing military theory, every operation is preceded by massive intelligence activity. This implies the activation of a full-scale cyber-spyware prevention operation as the first phase of cyberwar deployment, based, of course, on “combat” software pre-installed in enemy systems.

Since the necessary condition for cyberwar is the pre-implantation of “combat” software in opposing systems, military formations need to include specialists in detecting and counteracting computer attacks.

Changes in methods and tactics depend directly on the technology used. At the current stage, it seems very realistic to develop “combat” software based on genetic and evolutionary program implementations. This can allow for a revolutionary change in the behavior of the implemented programs in the direction of “intelligent” behavior. “Combat” software developed on such a basis will be able to adapt itself to specific conditions by applying methods of completing, self-modifying, collaborating with other elements of its type available in the system, and persistently pursuing the intended purpose, while constantly deploying adaptive self-preservation mechanisms. In fact, a great concern among specialists is that such “combat” programs will be able to influence both systems based on the Internet and closed or isolated networks.

Ensuring the necessary safety in cyberspace is an integral part of each country’s military strategy; however, cyberspace is also seen as a new space for warfare, alongside land, sea and air/space. A number of military leaders have significantly expanded their research, military structures and developments in cyber war, cyber weapons and cyber defense.

Since 2007, the US Department of Defense has set up operations for computer networks, and since 2010 a new military cyber command (CYBERCOM) has been set up.

In the United Kingdom, a national cyber-security management and the national cyber-security center (NCSC at GCHQ) have been set up.

In Germany, a special military formation for cyberwar has been operating since 2010.

In Israel, a special formation for cyber threat counteraction has been set up and operates as part of military intelligence.

China is actively working on development of spy computer networks. Expected scenarios for cyberwar are being explored.

If a scenario such as the model above is implemented through intelligent combat programs, despite all the conventions at the current stage, the entire encrypted traffic will be fully disclosed. By the same method, complete control over enemy management systems and absolute dominance in cyberspace will be established. Ultimately, the hybrid war may be over before we have realized that it has started.

Although such a scenario does not seem realistic, we have to consider and acknowledge the unexpectedly high potential of cyberspace threats.
