UNDERSTANDING THE ‘PHYSICS’ OF CYBER-OPERATIONS
From Doctrine to Operations
From Operations to Doctrine
Pukhraj Singh
About me
• 13 years of off-and-on experience in cyber threat intelligence
• Made early attempts at fusing cyber with geopolitics
– Novel in 2010
• 5.5 years in the government
– “It was the best of times, it was the worst of times” – Charles Dickens
• I stand on the shoulders of giants
– Cyber is over-classified; completely lacks empirical data to see trends
– Experience is the only marker for cyber – I rely on operators with
much greater experience
• Product of a six-month research on a manuscript
Three interspersed narratives in this talk
• Understanding the ‘meta’ of cyber
– Shifts once in 5 years, on average
• The underlying physics of cyber-operations
– All our assumptions are gravely wrong
– Gets re-written in 5 years, too
• The autonomous code will write the laws of war
– From operations to policy, strategy & doctrine, not
otherwise
– Cyber: Counter-insurgency as a strategy & realpolitik as a
policy
“The other domains [of war] are natural,
created by God & this one is the creation of
man”
-- Gen Michael Hayden, former director NSA & CIA
Let that sink in for a moment…
Four dimensions of power that absolutely
don’t work in cyberspace:
Territoriality, Causality, Proportionality & Legality
What are cyberweapons?
“Cyberweapons are power projection tools”
-- Dave Aitel, former NSA cyber-operative
But what REALLY are cyberweapons?
“Anything which changes the terrain of
cyberspace”
-- Gen. Michael Hayden, ex-NSA & CIA
It is not just about access
Anything which changes the terrain of cyberspace
• For example, availability is the most potent weapon
• Julian Assange/Wikileaks
– The strategic pivot of Russian Active Measures (INFOOPS)
– “Ahead of its time by many years” – Dave Aitel, ex-NSA
• Russian Active Measures in the 2016 US elections
– Weaponized the mere availability of crappy information
Three things where the generals may go wrong:
- Cyber is NOT fully asymmetric
- Cyber is NOT always non-kinetic
- Cyber is NOT mostly non-attributable
Stuxnet: costlier than an airstrike
-- Rebecca Slayton, Cornell University
“The vast majority of cyber power projection tools are
built and maintained by non-state-actors… a vast
majority of the top tier hackers in the world are not
with nation-states or never were”
-- Dave Aitel, former NSA cyber-operative
“If we were to score cyber the way we score
soccer, the tally would be 462-456, twenty
minutes into the game”
-- Chris Inglis, former Deputy Director of NSA
Defense is an afterthought
“…the dual-hatting of the Director of NSA &
Commander of U.S. Cyber Command ought not be
undermined by nascent efforts to divide the two out of
a need for improved optics”
-- Gen. Keith Alexander, former director of NSA
Offense-Defense
• Mathematically indistinguishable
• Symbiotic
Cyber is the true dual-use technology
“I cannot change the reality that all security tools are dual-use”
-- Mike Walker, DARPA
• Offense-defense: symbiotic
• Antivirus is the APT: the Kaspersky example
• The Wassenaar debacle
• “The cyber security products that promise total surveillance over
the enterprise are, to my mind, an offensive strategy used for
defensive purposes” – Dan Geer, In-Q-Tel
• NSA’s DEFIANTWARRIOR, TURBULENCE & QUANTUMBOT
Thresholds of cyberwar would remain nebulous
“…fixation on defining the precise threshold for a digital act of
war (beyond the de facto effects-based analysis to be applied in
any actual scenario) distracts from the important question of
how cyber operations are actually being used today”
-- Sean Kanuck, former National Intelligence Officer for Cyber
Why?
Because the real intent & impact of a
cyberattack are objectively incalculable
Thresholds of cyberwar would remain nebulous
Why?
Because CNE, CNA & CND are indistinguishable
until fully manifested
Thresholds of cyberwar would remain nebulous
CNO
Matthew Monte, former cyber-operative with the CIA
Why?
“When evaluating potential cyber activities, US policymakers
have tended to view cyber operations as strictly delineated:
offense or defense; espionage or military operations. Reality
defies such stark categorization; determining when one type of
cyber operation ends & another begins is challenging. Rather
than establishing strict categories into which cyber activities are
sorted, it may be best to view cyber operations along a
spectrum”
-- Col. Gary D. Brown, former staff judge advocate for
U.S. Cyber Command
Thresholds of cyberwar would remain nebulous
So, what is a reasonable marker?
“Surviving on a diet of poisoned fruit”
“The US cannot allow the insecurity of our cyber
systems to reach a point where weaknesses in those
systems would likely render the United States unwilling
to make a decision or unable to act on a decision
fundamental to our national security”
-- Richard A. Danzig, former member of the Defense
Policy & Intelligence Advisory Boards
“Cyber & Crisis Escalation:
Insights from Wargaming”
“Data from a crisis wargame conducted at the U.S. Naval War
College from 2011 to 2016”
“Decision-makers view cyber operations as highly
escalatory…cautious about using offensive cyber operations & cyber
network exploitation, even after conventional conflict has begun”
“Despite their concern about escalation— chose not to respond to
cyber attacks by the adversary in any of the wargames”
-- Jacquelyn Schneider, United States Naval War College
“Cyber & Crisis Escalation:
Insights from Wargaming”
“Data from a crisis wargame conducted at the U.S. Naval War
College from 2011 to 2016”
“Significant strides toward our understanding of the impact of cyber
on crisis stability by shifting from an analysis of capabilities to an
exploration of states’ perceptions about the impact of cyber on
escalation. By bypassing technical questions of capabilities, we can
focus instead on how decision-makers process the uncertainties of
cyber, with implications not only for potential behaviors during crisis
situations but also for understanding the variables that shape foreign
policy decision-makers’ understandings of the cyber domain”
-- Jacquelyn Schneider, United States Naval War College
Finally, is cyber-deterrence a chimera?
“Deterrence is largely a function of perception”
“For deterrence to be effective, the adversaries must believe
that our ability to respond to an attack will result in
unacceptable costs imposed on them. Costs may be imposed
through a variety of mechanisms, including economic sanctions,
diplomacy, law enforcement, & military action”
-- Aaron G. Hughes, former U.S. deputy assistant secretary of
defense for cyber policy
Bureaucracy: the most persistent technical
signature of a cyber attack
“Your cyber adversary has a boss & a
budget”
-- The Grugq
Bureaucracy: the most persistent technical
signature of a cyber attack
“Map the adversarial ecosystem of cyberspace in
anthropological detail with the aim of increasing our
understanding of our adversaries & our own incentives
& methods of operation”
-- Richard A. Danzig, Surviving On A Diet of Poisoned
Fruit
Bureaucracy: the most persistent technical
signature of a cyber attack
Prevalent operational structures
-- Dave Aitel, former NSA cyber-operative
Three real asymmetries of cyberwar
-- Matthew Monte, former CIA cyber-operative
Book: Network Attacks & Exploitation
Overview: China
• Two 3PLA cyber feeder programs
– Apart from tech, HUGE focus on language
– Jiao Tong, Shanghai International Studies University
• Tiered competency
• Loose C&C
– OPSEC relies on plausible deniability
• Fusion centers for economic espionage
• Unified war component: Strategic Support Force
Overview: China
-- Dave Aitel, former NSA cyber-operative
Overview: China
• Efficient economic espionage
– “The largest transfer of wealth in history” -- Gen. Keith Alexander
– A major part of the 30% self-sustenance component of PLA
• Declassifies stolen intelligence downstream
– Via fusion centers: National Technology Transfer Centers or
National Demonstration Organizations
– “Convert advanced foreign technology into domestic innovation
ability”
– “Making technology transfer even more the core feature of our
technology innovation”
– Project 863, 973 & 211
– Under the 61 Research Institute of 3PLA
– Corrupt generals
Overview: US
• Cyber competency: Medium-tiered
• Medium C&C
• Extremely high covertness
• “Doesn't try to control the world but prevents surprise” – The Grugq
• A million cleared people - 17 agencies competing for budget
• Contractor rot; high attrition
Overview: Russia
• Good fusion of CYBEROPS with INFOOPS
• Disinformation goes all the way back to Stalin
• Remnant of the massive Soviet-era Active Measures
machinery
– $3-4 billion budget in 1982 ($9.5-12.6 billion in today’s
terms) > budget of the NSA
Overview: Russia
• Non-linear war: Gerasimov Doctrine
– Peak build-up during & after Crimea
• Competing agencies -- GRU, FSB & SVR
• Very low covertness
• Extension of the state-criminal nexus
– Multiple operational components
– Strategic cyber reserve
Overview: Israel
• Purely an extension of skilling – unique
• Completely disrupts conventional population-based competencies (lesson for India)
• Feeders for 8200: starts from school
– Magshimim, Talpiot
• Vets bring almost $10 billion per year post-retirement
– That’s roughly $700 per capita
India?
???
☹
The worst kind of insurgency
• Col. Gary D. Brown on why we won’t see international norms in
cyber:
– Laws came from customs & practices of nations – how do we
account for the massive non-state component?
– Functional entropy. Every cyberweapon can command its own law
– Most conflict laws written around kinetic impact
– Whatever rules we may create for cyber would also affect
other bodies like kinetic warfare
– No letting go of offensive capabilities. “The strong do what they
can, & the weak suffer what they must”
– Internal (inter-agency) lack of cohesion is extreme
Cyber from a subcontinental perspective
• “States not defining their limits & capabilities is an impediment
to cyber law” -- Col. Gary D. Brown
– Maintains escalatory control
• “Vast majority of our key networked infrastructure is owned &
operated by the private sector… must learn to work together to
defend our nation in cyberspace” -- Gen. Keith Alexander
– Private sector would always be in the cross-hairs
– Active Defence (Offensive Defence)
– “Private companies… providing threat intelligence that is
steadily approaching the all-source format” – Sean Kanuck
Cyber from a subcontinental perspective
• “We are fighting at the intersection of a Venn diagram
where the finances of a non-state actor meet the
capabilities of a state actor” – Le me
• “Offense’s superiority means that it is a utopian fantasy
to believe that information can be protected from
leakage, & so the counter-offense of disinformation is
what we must deploy in return” – Dan Geer
Cyber from a subcontinental perspective
• “Espionage & war are the same thing now”
• “Information is capabilities”
• “Lines of communications are lines of attack”
• “Passive can turn into active at a heartbeat”
• “Motivations dictate methodology”
• “Capabilities can scale”
• “Cyber attacks ideologies best”
• “Banks evolved from a physical place to software services
provider that conducts financial transactions… so too are
countries becoming increasingly defined by code, rather
than physical, tangible assets”
– Dave Aitel
Cyber from a subcontinental perspective
• “Most common threat vector within the cyber
environment displays characteristics of a classical
insurgent force” -- Maj. GB Parisien, Canadian Forces
College
• Cyber feeder program – Cyber NDA
– Skilling would be the most effective & cheapest force
multiplier for the Indian Armed Forces
• Focus on tooling & toolchains rather than hacks
– Controls resource & manpower attrition
Cyber from a subcontinental perspective
• Cyber is the strategic pivot of symmetric war, not
otherwise
• A highly regulated non-state actor engagement model
– Cyber-military industrial complex
• For India, cyber-deterrence may mostly be realized
through geopolitical alliances as the capability build-up
is slow & weak
Thanks
pukhraj@gmail.com
