Inside Cyber Warfare

Chapter 19

This was clearly seen in a story reported in the New York Times on June 27, 2009, entitled "US and Russia Differ on a Treaty for Cyberspace."

Washington was pushing for more international cooperation among law enforcement agencies, similar to the Council of Europe Convention on Cybercrime, which has been signed by 22 nations, excluding Russia and China.

Moscow prefers a nonproliferation treaty similar to what's in place for weapons of mass destruction (chemical, biological, nuclear), but it vigorously resists any attempt to allow international law enforcement to pursue cyber criminals within its borders.

[38] Source: Moscow Nezavisimoye Voyennoye Obozreniye (in Russian), a weekly independent military newspaper published by Nezavisimaya Gazeta.

China Military Doctrine

As the Chinese have said, losers in IW will not just be those with backward technology. They will also be those who lack command thinking and the ability to apply strategies. It is worth the time of the US analytical community to analyze IW strategies and tactics from all points of view, not just the empirical US approach.

--Lt. Col. Timothy Thomas, "Like Adding Wings to the Tiger"

Information technology is an area where, unlike industrial capacity or military hardware, no one nation can claim dominance. As a result, information technology and its military counterpart, information warfare, hold great appeal for the PRC, which has tremendous resources in its population size and the number of its high-quality math and science graduates.

People's Liberation Army (PLA) officers began writing about information warfare at about the same time that the Internet browser became wildly popular: 1993. The instigating factor was the US display of technology in the first Gulf War, noticed and written about by General Liu Huaqing, the former vice chairman of the Central Military Commission. The U.S. victory held special significance for the Chinese because Iraq was using weapons acquired from China and Russia. The resounding defeat of the Iraqi military was also a comment on the lack of effectiveness of Chinese hardware against an obviously superior force.

A second wake-up call for the Chinese arrived with the NATO action in Kosovo in 1999, which resulted in the bombing of the Chinese embassy. Although apologies were forthcoming, the action resulted in Chinese hackers attacking official US government networks, including the US Department of Energy and Interior websites.

In April 2001, when a US EP-3 signals surveillance aircraft collided with a Chinese military aircraft, resulting in the death of the Chinese pilot, angry civilian hackers launched cyber attacks against US networks. These events did not go unnoticed by PLA officers, who observed how computer warriors could leverage a superior force's technological dependencies in an effort to gain an asymmetric advantage.

A recent study uses US joint doctrine as a construct to highlight the differences between Chinese and American IW. Kate Farris argues that "the US tends to focus on the CNA aspect of IW, while the Chinese take a more broad perspective, emphasizing pillars such as PSYOP, Denial, and Deception." While my selection of Chinese literature persuasively supports this assessment, the current state of Chinese IW is simply too immature and not understood well enough to reach any definitive conclusion.

The inherent problem with a technologically advanced military force is its dependence on technology. The more complex a network, the more vulnerable it is. Major General Wang Pufeng wrote in 1995: "There is a question of how to use weakness to defeat strength and how to conduct war against weak enemies in order to use information superiority to achieve greater victories at a smaller cost."

In 1995, Pufeng, often referred to as the "father of information warfare," wrote his influential book The Challenge of Information Warfare, wherein he saw information warfare as a critical factor for China's future modernization plans:

In the final analysis, information warfare is conducted by people. One aspect is to cultivate talent in information science and technology. The development and resolution of information warfare can be predicted to a great degree in the laboratory. Information science and technology talent are the forerunners of science and technology research.

Today, Chinese students regularly place at the top of international science and math challenges, far above their peers in the United States. In a 2003 math, science, and reading assessment involving 250,000 students from 41 countries, China (Hong Kong) ranked #1 in science and #3 in math. Many of those students will go on to receive advanced degrees from US universities such as Stanford and MIT, and some may serve as officers in the People's Liberation Army. In 2006, two Chinese universities contributed more Ph.D.s to American university graduate programs than any other nation, including the United States (http://www.nsf.gov/statistics/infbrief/nsf08301/).

The Chinese government sees information warfare as a true People's War, meaning that they can recruit technical expertise from their civilian population. Timothy Thomas wrote about this in his essay "Adding Wings to Tigers":

Wang Xiaodong, while analyzing a RAND IW document, observed that this study unknowingly outlined a People's War in the information age.

Even as to government mobilized troops, the numbers and roles of traditional warriors will be sharply less than those of technical experts in all lines...since thousands of personal computers can be linked up to perform a common operation, to perform many tasks in place of a large-scale military computer, an IW victory will very likely be determined by which side can mobilize the most computer experts and part-time fans. That will be a real People's War.

In line with this concept of organizing a civilian cyber militia, there are reports of actual IW drills being conducted within Chinese provinces, such as Hubei in 2000. According to Xu Jiwu and Xiao Xinmin, in their article "Civil Networks Used in War" (Beijing Jiefangjun Bao), an IW exercise was held in the city of Ezhou that demonstrated the rapid mobilization of civilian networks, such as cable television stations, banking networks, telecommunications, and other linked systems, to serve as offensive IW units in times of war.

This is a further example that China's political leaders are well aware of their shortcomings in traditional warfare and are trying to maximize their assets, civilian and military, to gain additional strategic leverage. From their perspective, the key filters for decision making are US military superiority, China's aging military technology, and how best to prepare for the next military conflict.

China views future conflicts in the same way that the United States does: as limited engagements rather than total war. To that end, according to Peng and Yao, "what is emphasized most is the combined use of many types of military, political, economic, and diplomatic measures" (Peng Guangqian and Yao Youzhi, eds., The Science of Strategy, Beijing: Military Science Press, 2001).

The goal is not to

The specific tools of offensive and defensive IW include:

Physical destruction
Dominance of the electromagnetic spectrum
Computer network warfare
Psychological manipulation

Interestingly, these capabilities almost mirror US doctrine on IW, such as the US Air Force's "Six Pillars of IW" and "Joint Vision 2010." The People's Liberation Army has also obtained and translated copies of JP 3-13.1, "Joint Doctrine for Command and Control Warfare," according to RAND's James Mulvenon.

Consequently, PLA strategists use the same terminology as that of the US Armed Forces: CNO (computer network operations), CNA (computer network attack), CND (computer network defense), and CNE (computer network exploitation).

Priority of these components begins with CNE, since the People's Republic of China believes that it is presently the target of computer network attacks by the United States.

CNA is believed to be most effective at the very beginning of a conflict and may be used for maximum effect as a preemptive strike. Ideally, if the CNA is disruptive enough, it may end the conflict before it progresses to a full-scale war.

Targets of interest for a network attack include "hubs and other crucial links in the system that moves enemy troops as well as the war-making machine, such as harbors, airports, means of transportation, battlefield installations, and the communications, command and control and information systems" according to Lu Linzhi in his article "Preemptive Strikes Crucial in Limited High-Tech Wars" (Jiefangjun bao, February 14, 1996).

US vulnerability to this strategy was recently underscored with the release of the FAA Inspector General's report on the state of Air Traffic Control (ATC) network security. One of the findings revealed that only 11 of the hundreds of ATC systems were protected by mandatory intrusion detection systems. The report goes on to state that some of the cyber attacks may have been successful in gaining control of ATC systems:

During Fiscal Year (FY) 2008, more than 800 cyber incident alerts were issued to the Air Traffic Organization (ATO), which is responsible for ATC operations. As of the end of FY 2008, over 150 incidents (17 percent) had not been remediated, including critical incidents in which hackers may have taken over control of ATO computers.

Anti-Access Strategies

Anti-access is a strategy that the PLA has adopted to slow the advance or hamper the operational tempo of an opposing force into a theater of operations during time of war. The RAND Corporation released an excellent study on this strategy, authored by James Mulvenon and David Finkelstein, and it sheds additional light on how the PRC is planning to fight future wars.

They acknowledge up-front that "anti-access" per se is not a formal Chinese military strategy; rather, it is a way of summing up Chinese doctrine that addresses the problem of defeating a superior foe. In the case of the United States, that means recognizing US reliance on information networks as a significant vulnerability that, if exploited, could throw US plans into chaos and delay or suspend any impending attack.

Anti-access techniques have a broad range, up to and including triggering an electromagnetic pulse (EMP) device. Targets could include computer systems based in the United States or abroad, command and control nodes, and space-based intelligence, surveillance, reconnaissance, and communications assets.

The 36 Stratagems

No one can say for certain who wrote these 36 martial proverbs; however, some Chinese historians date them as far back as the Southern Qi dynasty (479-502), which was about 1,000 years after Sun Tzu wrote The Art of War.

The 36 stratagems have a darker connotation than The Art of War, focusing solely on acts of trickery, mischief, and mayhem, more the province of spies than soldiers. This makes the ancient document an inspiring resource for today's Chinese nonstate hackers, who rely on creating ruses to trick unsuspecting Internet users into leaving the safety of their firewalls for dangerous terrain. It's also interesting to note that, unlike Russia, China has never engaged in military action where cyber warfare was a component, allegedly opting instead for acts of cyber espionage:

Stratagem #3: "Kill with a borrowed knife"

This stratagem advises "Attack using the strength of another (in a situation where using one's own strength is not favourable)."

This could just as easily apply to the use of botnets as a means to launch DDoS attacks.

Stratagem #8: "Openly repair the gallery roads, but sneak through the passage of Chencang"

This stratagem advises "Deceive the enemy with an obvious approach that will take a very long time, while surprising him by taking a shortcut and sneaking up to him. As the enemy concentrates on the decoy, he will miss you sneaking up to him."

Use backdoors or Trojan worms when attacking a network.

Stratagem #10: "Hide a knife behind a smile"

This stratagem advises "Charm and ingratiate yourself with your enemy until you have gained his trust. Then move against him."

This could describe phishing schemes or other social engineering attacks.

Stratagem #15: "Lure the tiger out of the mountain"

This stratagem advises "Hold out baits to entice the enemy."

This refers to luring an opponent from a position of strength, such as being protected by a firewall and updated anti-virus program, to a position of weakness or vulnerability. One way to accomplish this is with the adoption of social engineering techniques to get the target to accept a fake email as genuine and open a compromised attachment or click on an infected link.

Stratagem #17: "Tossing out a brick to get a Jade gem"

This stratagem advises "Bait someone by making him believe that he gains something and obtain something valuable from him in return."

This could equate to a social engineering technique used to get the target to click on a link or visit a website where information will be covertly collected without his knowledge.

Stratagem #30: "The honey trap"

This stratagem advises "Send your enemy beautiful women to cause discord within his camp."

In contemporary computer parlance, this could refer to a honey pot, which lures visitors to a rigged site that collects information about them.

The 36 stratagems, like The Art of War, still play a large role in shaping Beijing's military strategy. Western policymakers should be familiar with both historical documents if they wish to understand the strategy underpinning the Chinese threat landscape.

US Military Doctrine

The US armed forces have produced more of a paper trail on how cyber warfare is to be conducted than any other nation. In fact, as has been mentioned earlier in this chapter, the PRC and to some extent the Russian Federation have based their own doctrine on what has been published in the following manuals:

DOD Directive No. 3600.1, Information Operations. October 2001
DOD Information Operations Roadmap. October 30, 2003
JP 3-13 Information Operations. February 13, 2006

The question of who controls the US cyber warfare mission has been a hotly contested issue over the past several years. The US Air Force, Army, and Navy all have their own cyber operations, but overall command for conducting CNO has been assigned to the US Strategic Command (USSTRATCOM), and the National Security Agency (NSA) has the mission of defending all US military networks.

The connection between the NSA and USSTRATCOM occurs at the Joint Functional Component Command (JFCC) level, known as the Joint Functional Component Command-Network Warfare, whose commander is also the director of the NSA. What follows is the official definition of Network Warfare, as written in Joint Publication 3-13:

[T]he employment of Computer Network Operations (CNO) with the intent of denying adversaries the effective use of their computers, information systems, and networks, while ensuring the effective use of our own computers, information systems, and networks. These operations include Computer Network Attack (CNA), Computer Network Exploitation (CNE), and Computer Network Defense (CND).

It's important to note that USSTRATCOM is not the sole command authority in this complex arena. JP 3-13 goes on to state that:

CDRUSSTRATCOM's specific authority and responsibility to coordinate IO (Information Operations) across AOR and functional boundaries does not diminish the imperative for the other combatant commanders to coordinate, integrate, plan, execute, and deploy IO. These efforts may be directed at achieving national or military objectives incorporated in TSCPs (Theater Security Cooperation Programs), shaping the operational environment for potential employment during periods of heightened tensions, or in support of specific military operations.

Although terms have been created and defined, a cohesive strategy on cyber warfare that addresses where, when, and how it is to be implemented remains elusive. One reason for that is the fact that it is highly classified. Another is that it is still being developed.

There are numerous problems that confront the military planners who are attempting to create this doctrine, not the least of which are attribution and deterrence. How should the United States respond to a cyber attack against its networks if it cannot unequivocally prove attribution? How can a deterrence policy be effective if opposing states know that their cyber activities can be conducted anonymously?

Another problematic area is the longstanding US policy of domain dominance, which basically says that the United States will control air, land, sea, and space to such an extent that it will have freedom of access to each, as well as the ability to deny access to each to its opponents. Cyberspace, as a global electronic medium, cannot be dominated or controlled by any one nation.

Then there is the expectation that rules of engagement (ROEs) will apply to cyber warfare. Some of the issues surrounding ROEs were made clear in a recent National Academy of Sciences report titled "Technology, Policy, Law and Ethics Regarding US Acquisition and Use of Cyber Attack Capabilities":

When to execute a cyber attack: What are the circumstances under which a cyber attack might be authorized?

Scope of a cyber attack: What are the entities that may be targeted?

Duration of a cyber attack: How long should a cyber attack last?

Notifications: Who must be informed if a cyber attack is conducted?

Authority for exceptions: What level of authority is needed to grant an exception for standing ROEs?

The Obama Administration will be making significant headway in these areas through 2012, but it is too early to expect any answers to these hard challenges to be forthcoming before the publication of this book.

Chapter 12. A Cyber Early Warning Model.

By Ned Moran[39]

The Challenge We Face

The United States currently faces the daunting challenge of identifying the actors responsible for launching politically motivated cyber attacks. According to Defense Secretary Robert Gates, the United States is "under cyber attack virtually all the time, every day." It is estimated that more than 140 countries currently field cyber warfare capabilities. Additionally, sophisticated adversaries can route attacks through proxies and obfuscate their identities. These facts combine to make attribution of cyber attacks a difficult challenge.

During the Cold War, none of these challenges existed. Attacks between the United States and rival powers were few and far between. The pool of nuclear powers was limited to an exclusive club. Additionally, it was more difficult to route a nuclear attack through a proxy.

The heightened ability to detect and identify the source of nuclear or missile attack increased stability during the Cold War. Many policymakers fear that the current inability to quickly and accurately identify the source of a cyber attack leads to instability and increases the chances that cyber attacks will be carried out. In order to improve its defensive posture, the United States must develop a cyber attack early warning system.

Cyber Early Warning Networks
