Capabilities and Conflict in the Cyber Domain an Empirical Study


By Anthony John Stuart Craig

Dissertation submitted to the School of Law and Politics, Cardiff University in requirement for the degree of Doctor of Philosophy (PhD) in Politics and International Relations. January 2020

Acknowledgements

This PhD would not have been possible without the help of my family. I especially thank my wife Natalia for being so supportive and patient. I am grateful to Cardiff University’s School of Law and Politics for funding my PhD and to the Research School on Peace and Conflict in Oslo for the opportunity they gave me to develop professionally as a researcher and for introducing me to a network of similarly minded academics. I thank my office colleagues and friends in Cardiff, my school friends in Glasgow, and Tattiana, Shaun, Edith and Andrea for their friendship and support during this time. I would not have got to this stage without the encouragement of Dr. Brandon Valeriano, who has given me self-confidence in my abilities and has remained a mentor since my time as an undergraduate at Glasgow University. I also thank my Cardiff University supervisor Dr. Andrea Calderaro for his continual advice and guidance, and Dr. Campbell Craig for his valuable feedback. Finally, I am grateful to my external reviewer, Dr. Tim Stevens and my internal reviewer, Dr. Claudia Hillebrand for their expert advice which helped me strengthen this thesis.

Summary

This dissertation is a mixed method, empirical study on the causes and consequences of the proliferation of cyber capabilities among nation states in the international system from 2000 to 2017. National cyber capabilities are defined as the resources and assets used by states to project and resist influence through computer network operations (CNO). They are conceptualised and operationalised from two perspectives. Latent cyber capabilities are the societal resources that governments can draw on, including the programming skill and computer science knowledge of a population. Active cyber capabilities are the institutional developments by governments and militaries to build cyber security preparedness. They include the establishment of a computer security incident response team, a military computer network operations unit, or a national cyber security strategy.

Via the quantitative analysis of an original data set (the national cyber capabilities data set), the distribution of latent and active cyber capabilities in the international system is first described and the rate at which active capabilities have been acquired over time is highlighted. By structuring the analysis according to the theory of opportunity and willingness, the findings demonstrate that the adoption of active cyber capabilities is enabled by a country’s latent resources (opportunity) and motivated by its external threat and rivalry environment (willingness). Next, the relationship between capabilities and the occurrence of computer network operations between rival states is investigated. Rather than deter conflict, cyber capabilities are positively associated with cyber-attacks. Finally, a case study of Iran is employed to illustrate how the cumulative findings of the statistical analyses apply in a real-world example. The findings of this dissertation highlight the need to develop alternative strategies for securing cyberspace to those focusing on the pursuit of military based capabilities and threats.

Table of Contents

Acknowledgements
Summary
List of Tables
List of Figures

Chapter

I. Introduction: The Purpose and Plan of the Thesis
    The issue
    The contribution
    Research questions and theory
    The structure of the thesis

II. Conflict and Capability in the Cyber domain
    Introduction
    Cyber Conflict in International Relations
    Power and Capability
    What do we know about cyber power and capability?
    Theoretical Position of Thesis
    Conclusion

III. A Theoretical Framework for Explaining the Causes and Consequences of Cyber Capability
    Introduction
    Part one: The determinants of cyber capability proliferation
    Opportunity-Willingness Theory
    Latent resources and military capabilities
    The resource requirements for cyber capability
    Security threats as a driver of military capability
    The cyber threat environment and proliferation
    Part two: The impact of cyber capability on cyber conflict
    Deterrence, capabilities, and conflict in international relations
    The failure of cyber deterrence
    Capabilities as a cause of conflict
    Opportunity-Willingness and cyber conflict
    Summary

IV. Methods for Quantifying National Cyber Capability
    Introduction
    The scope and limits of the NCC dataset
    How is the data collected?
    Indicators of latent cyber capability
    Indicators of active cyber capability

V. Research Design for Investigating the Causes and Consequences of Cyber Capability
    Introduction
    Establishing causality
    Methods of statistical analysis
    Part one: Describing the distribution and proliferation of cyber capability
    Part two: Identifying the determinants of cyber capability
    Part three: Investigating the impact of capabilities on cyber conflict
    Part four: Illustrative case study of Iran
    Summary

VI. A Descriptive Analysis of Cyber Capability in the International System
    Introduction
    Latent cyber capabilities: where do countries stand?
    Active cyber capabilities and strategies: temporal and spatial proliferation
    Discussion

VII. Determinants of Cyber Capability
    Introduction
    Hypotheses for capability adoption
    Bivariate analysis: latent capability and active capability
    Bivariate analysis: external threat environment and active capability
    Multivariate analysis: Opportunity and willingness theory tested
    Discussion

VIII. Capability and Conflict: The Effect of Defensive Capabilities
    Introduction
    Research Design
    Defensive capabilities and cyber incidents at the system level
    Defensive capabilities and cyber incidents at the country level
    Multivariate analysis
    Defensive capabilities and the success of cyber incidents
    Discussion

IX. Capability and Conflict: The Effect of Capability Parity and Preponderance on Cyber Conflict
    Introduction
    Parity and preponderance
    Research Design
    Relative latent cyber capability and cyber conflict
    Relative active cyber capability and cyber conflict
    Multivariate analysis
    Discussion

X. Capability and Conflict: The Initiators Capability and Cyber Conflict
    Introduction
    System level capabilities and the initiation of cyber incidents
    The initiator’s capability and the frequency of cyber incidents
    The initiator’s capability and the likelihood of cyber incidents
    Rivalry intensity and cyber incidents
    Multivariate analysis
    The initiator’s capability and the severity of cyber incidents
    Discussion

XI. The Case of Iran: Illustrating the Findings
    Introduction
    Describing Iran’s cyber capabilities
    How latent capability and rivalry has driven Iran’s active cyber capabilities
    Has Iran’s cyber defence succeeded?
    Iran’s capabilities and offensive operations
    Discussion

XII. Conclusion: What Do We Now Know About Cyber Capability and Conflict
    Introduction
    Summary of theory and approach
    What do we know about cyber capabilities now?
    Policy implications
    Caveats and future research

List of References
Appendix: Active Cyber Capability and Strategy Data

List of Tables

1. NCC dataset variables and measurement
2. Explanatory variables for investigating the determinants of active capability
3. Frequency of cyber incidents between rival dyads (2000-2016)
4. National performances at the IOI and IMO by country (2016)
5. Computer science publication output by country (2016)
6. Software companies by country (2016)
7. ICT service exports by country (2016)
8. Internet penetration, top and bottom 10 countries (2016)
9. Secure Internet servers, top ten countries (2016)
10. Latent cyber capability index country ranking (2018)
11. Correlation of latent cyber capability with cyber and material capability indices
12. Organisational age of national CSIRTs (2017)
13. Organisational age of military CNO units (2017)
14. Organisational age of national cyber security strategies (2017)
15. Summary statistics for opportunity-based variables
16. National resources and military CNO unit possession
17. National resources and national CSIRT possession
18. Conditional Probabilities of military CNO unit capability by resources
19. Conditional probabilities of National CSIRT capability by resources
20. Summary statistics for willingness-based variables
21. Threat environment and military CNO unit possession
22. Threat environment and national CSIRT possession
23. Conditional Probabilities of military CNO unit capability by threat environment
24. Conditional Probabilities of national CSIRT capability by threat environment
25. Logistic regression of military CNO unit possession
26. Logistic regression of national CSIRT possession
27. Effect of changes in independent variables on the probability of military CNO unit
28. Effect of changes in independent variables on the probability of national CSIRT
29. Likely next adopters of military CNO units
30. Likely next adopters of national CSIRT
31.

Recommended publications
  • 2016 8th International Conference on Cyber Conflict: Cyber Power
    2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 31 MAY - 03 JUNE 2016, TALLINN, ESTONIA Copyright © 2016 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1626N-PRT ISBN (print): 978-9949-9544-8-3 ISBN (pdf): 978-9949-9544-9-0 Copyright and Reprint Permissions No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, and for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 2016 © NATO CCD COE Publications Printed copies of this publication are available from: NATO CCD COE Publications Filtri tee 12, 10132 Tallinn, Estonia Phone: +372 717 6800 Fax: +372 717 6308 E-mail: [email protected] Web: www.ccdcoe.org Head of publishing: Jaanika Rannu Layout: Jaakko Matsalu LEGAL NOTICE: This publication contains opinions of the respective authors only. They do not necessarily reflect the policy or the opinion of NATO CCD COE, NATO, or any agency or any government.
  • Iran'in Siber Güvenlik Stratejisinin Saldiri Ve
    İRAN’IN SİBER GÜVENLİK STRATEJİSİNİN SALDIRI VE SAVUNMA KAPASİTESİ BAKIMINDAN ANALİZİ Article in Turkish Studies - Social Sciences · January 2019 DOI: 10.29228/TurkishStudies.22799 Turkish Studies Social Sciences Volume 14 Issue 3, 2019, p. 409-425 ISSN: 2667-5617 Skopje/MACEDONIA-Ankara/TURKEY Research Article / Araştırma Makalesi Article Info / Makale Bilgisi Received/Geliş: 04.02.2019 Accepted/Kabul: 10.06.2019 Report Dates/Rapor Tarihleri: Referee 1 (15.03.2019)-Referee 2 (11.03.2019)- Referee 3 (18.03.2019) This article was checked by iThenticate. ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY Ali Burak DARICILI ABSTRACT The Stuxnet Virus was released in June 2010 and has affected Iran's nuclear facilities in Bushehr and Natanz. It was claimed that the United States of America (USA) and Israel secret services together have a role in the planning of this cyber-attack. Following this cover activity, also known as Operation Olympic Games in the literature, Iran considered the need to take serious measures in the field of cyber security and aimed to reach an effective cyber security capacity in cyber space with the investments made in 2010.
  • Andrew Futter Nuclear Weapons .Indd
    # 56 VALDAI PAPERS September 2016 www.valdaiclub.com NUCLEAR WEAPONS IN THE CYBER AGE: NEW CHALLENGES FOR SECURITY, STRATEGY AND STABILITY Andrew Futter About the author: Andrew Futter Senior Lecturer in International Politics, Department of Politics and International Relations, University of Leicester ; Fellow of the UK Higher Education Academy The views and opinions expressed in this Paper are those of the author and do not represent the views of the Valdai Discussion Club, unless explicitly stated otherwise. NUCLEAR WEAPONS IN THE CYBER AGE: NEW CHALLENGES FOR SECURITY, STRATEGY AND STABILITY The safe, secure and reliable management of nuclear weapons has always been a complex and complicated business, plagued by uncertainty and risks. But these challenges are being magnified and aggravated by new cyber tools, dynamics and capabilities, and from the threat posed by hackers seeking to gain access to, or interfere with, nuclear systems. The challenge is myriad in its scope, and ranges from the safe, secure and reliable nuclear C2, through fresh problems for information security, proliferation, and the safeguarding of highly sensitive nuclear secrets, to new complications for strategic deterrence and escalation, and the emergence of a cyber-nuclear security dilemma. While cyber threats may not currently undermine or supersede the role of nuclear weapons as the ultimate symbol of national security, increased uncertainty about the integrity and security of these systems raises questions for nuclear force management, thinking and strategy for all nuclear-armed states. The cyber challenge is nuanced and subtle, complicating and obfuscating the intrinsic difficulties of nuclear C2 and nuclear strategy rather than fundamentally transforming them.
  • Social Sciences Volume 14 Issue 3, 2019, P
    Turkish Studies Social Sciences Volume 14 Issue 3, 2019, p. 409-425 DOI: 10.29228/TurkishStudies.22799 ISSN: 2667-5617 Skopje/MACEDONIA-Ankara/TURKEY Research Article / Araştırma Makalesi Article Info / Makale Bilgisi Received/Geliş: 04.02.2019 Accepted/Kabul: 10.06.2019 Report Dates/Rapor Tarihleri: Referee 1 (15.03.2019)-Referee 2 (11.03.2019)- Referee 3 (18.03.2019) This article was checked by iThenticate. ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY Ali Burak DARICILI ABSTRACT The Stuxnet Virus was released in June 2010 and has affected Iran's nuclear facilities in Bushehr and Natanz. It was claimed that the United States of America (USA) and Israel secret services together have a role in the planning of this cyber-attack. Following this cover activity, also known as Operation Olympic Games in the literature, Iran considered the need to take serious measures in the field of cyber security and aimed to reach an effective cyber security capacity in cyber space with the investments made in 2010. As it is seen, Iran's plans to develop a cyber security strategy were realized within the scope of an action-reaction relation through a retaliation reflex after the mentioned attack to the nuclear facilities. Nevertheless, Iran's efforts to improve its cyber security capacity, which began with a motivation for retaliation in the first place, turned into a goal to make Iran a strong actor in cyberspace with the measures taken in the following periods.
  • Cyber Warfare and Challenges for the U.S.-ROK Alliance by Dr
    Korea Economic Institute of America ACADEMIC PAPER SERIES December 2, 2014 North Korea’s Cyber Warfare and Challenges for the U.S.-ROK Alliance By Dr. Alexandre Mansourov
    ABSTRACT Despite an inferior information communication environment, North Korea has a high capacity to conduct robust cyber operations aimed at collecting foreign intelligence, disrupting foreign computers, information and communication systems, networks and critical infrastructures, and stirring public discontent and disorder in the enemy states. The Korean People’s Army concentrated its efforts on strengthening the cyber war capabilities through establishing a command and control structure dedicated to cyber warfare, forming military units specializing in cyber warfare, training expert manpower, and advancing research and development of core cyber technologies. North Korea critically depends on outside resources for the conduct of its offensive cyber effects operations. The U.S.-ROK alliance managers often find their response options limited in the absence of a clearly identifiable North Korean government source of cyber operations.
    Introduction Since Kim Jong-il’s designation of his son Kim Jong-un as his successor in January 2009, North Korea has come a long way to develop its own doctrine of cyber operations, build the military organizations tasked with the cyber warfare missions, procure the hardware and software required for cyber operations, train a corps of highly skilled professional cyber warriors, and develop operational plans for cyber warfare. Pyongyang demonstrated its cyber capabilities through the conduct of cyber warfare exercises and actual cyber operations aimed against what it considers its enemy states – the Republic of Korea, United States, and Japan. North Korea now has a credible cyber warfare capability threatening the world’s advanced nations. This study analyzes the evolution of the North Korean thinking on the policy dimensions of cyber warfare and cyber war: how
  • The Question of State Sponsored Cyber Terrorism and Espionage Student Officer
    The Hague International Model United Nations Qatar 2020 | 21st – 24th of January 2020 Forum: The Security Council Issue: The Question of State sponsored cyber terrorism and espionage Student Officer: Sebastian Santoni Position: President Introduction On the 27th of April 2007, Estonia experienced the first of a series of cyber attacks which would go on to shape laws, policies, and attitudes within and outside its borders. The country was bombarded by thousands of independent actors, resulting in the complete loss of most internet services for three weeks. The Estonian parliament, banks and media were all targeted in the midst of political disagreements with Russia. Although not the first incident of cyber terrorism, this was definitely one of the most destructive, managing to make an entire country go offline. In response, the world’s first ever regulations concerning actions in cyberspace were drafted, hoping to prevent such incidents from occurring in the future. However, incidents of cyber terrorism and espionage continued and remain a major threat to international security. Not only can they create mistrust and paranoia between nations, but also paralyse the organizations and resources core to their economic, social and political stability. This is especially true when such acts are initiated by countries and their related bodies, placing the world’s most sophisticated technology in the wrong hands. As members of the United Nations, it is the responsibility of countries to use their resources, voices and cooperation to strengthen international cyber security and work towards a world where state-sponsored cyber terrorism and espionage are void. Organizations such as the Kaspersky Lab and the Cooperative Cyber Defence Center of Excellence have made strides toward combating the issue, although they are restricted by an acute lack of relevant treaties and laws.
  • Ankura Cyber Threat Intelligence Bulletin
    ANKURA CYBER THREAT INTELLIGENCE BULLETIN IRANIAN RETALIATORY OPTIONS & TACTICS, TECHNIQUES AND PROCEDURES (TTP) JANUARY 13, 2020
    TABLE OF CONTENTS: EXECUTIVE SUMMARY; BACKGROUND; SUGGESTED RESPONSE; SUGGESTED TACTICAL ACTIONS; APPENDIX A – IRANIAN THREAT GROUPS TRACKED BY CTAPT
    EXECUTIVE SUMMARY As a result of escalations in tensions in the Middle East, including the killing of Iran’s Quds Force leader and the recent cruise missile strike against Iraqi and US forces, Ankura’s Cyber Threat Analysis and Pursuit Team (CTAPT) assesses the likelihood of Iranian retaliatory actions in cyberspace as high. Iran’s history of carrying out destructive and disruptive cyber-attacks against the United States and its allies should serve as a forewarning to entities in the financial, critical infrastructure, and defense related industries. Furthermore, based upon reports that Iran-linked threat actors have begun targeting President Trump’s re-election efforts, CTAPT assesses that entities and individuals associated with President Trump’s 2020 campaign or the Republican party have a high likelihood of being targeted by sophisticated cyber espionage campaigns in the run-up to the November election.
  • Operation “Olympic Games” Securing Memory Sharing
    OPERATION “OLYMPIC GAMES” SECURING MEMORY SHARING FOR CLOUD TENANTS Kshitij Yadav Associate Sales Engineer Analyst Dell EMC [email protected] Abhiram T.S. Associate Sales Engineer Analyst Dell EMC [email protected] Knowledge Sharing Article © 2020 Dell Inc. or its subsidiaries. The Dell Technologies Proven Professional Certification program validates a wide range of skills and competencies across multiple technologies and products. From Associate, entry-level courses to Expert-level, experience-based exams, all professionals in or looking to begin a career in IT benefit from industry-leading training and certification paths from one of the world’s most trusted technology partners. Proven Professional certifications include: • Cloud • Converged/Hyperconverged Infrastructure • Data Protection • Data Science • Networking • Security • Servers • Storage • Enterprise Architect Courses are offered to meet different learning styles and schedules, including self-paced On Demand, remote-based Virtual Instructor-Led and in-person Classrooms. Whether you are an experienced IT professional or just getting started, Dell Technologies Proven Professional certifications are designed to clearly signal proficiency to colleagues and employers. Learn more at www.dell.com/certification Table of Contents: Introduction; Stuxnet
  • Strategic Culture and Cyber Strategy
    University of Central Florida STARS Honors Undergraduate Theses UCF Theses and Dissertations 2021 Strategic Culture and Cyber Strategy Andrew S. Olejarski University of Central Florida Part of the Political Science Commons Find similar works at: https://stars.library.ucf.edu/honorstheses University of Central Florida Libraries http://library.ucf.edu This Open Access is brought to you for free and open access by the UCF Theses and Dissertations at STARS. It has been accepted for inclusion in Honors Undergraduate Theses by an authorized administrator of STARS. For more information, please contact [email protected]. Recommended Citation Olejarski, Andrew S., "Strategic Culture and Cyber Strategy" (2021). Honors Undergraduate Theses. 877. https://stars.library.ucf.edu/honorstheses/877 STRATEGIC CULTURE AND CYBER STRATEGY by ANDREW S. OLEJARSKI A thesis submitted in partial fulfillment of the requirements for the Honors in the Major Program in Political Science in the College of Sciences and in the Burnett Honors College at the University of Central Florida Orlando, Florida Spring 2021 Thesis Chair: Ted Reynolds, Ph.D. ABSTRACT The intent of this paper is to explore the relationship between strategic culture theory and how it interacts with war-parallel usage of cyber methods. Cyber methods, at times incorrectly classified as “cyberwarfare”, as a means of statecraft are becoming increasingly prevalent, and developing an understanding of how states use them, particularly during conflicts, would be a great boon to the field of security studies. Strategic culture theory, an international relations theory focusing on the relationship between culture and strategy, may be an effective means to analyze conflict-parallel use of cyber methods.
  • Iranian Cyber-Activities in the Context of Regional Rivalries and International Tensions
    CSS CYBER DEFENSE PROJECT Hotspot Analysis: Iranian cyber-activities in the context of regional rivalries and international tensions Zürich, May 2019 Version 1 Risk and Resilience Team Center for Security Studies (CSS), ETH Zürich Authors: Marie Baezner © 2019 Center for Security Studies (CSS), ETH Zürich Contact: Center for Security Studies Haldeneggsteig 4 ETH Zürich CH-8092 Zürich Switzerland Tel.: +41-44-632 40 25 [email protected] www.css.ethz.ch Analysis prepared by: Center for Security Studies (CSS), ETH Zürich ETH-CSS project management: Tim Prior, Head of the Risk and Resilience Research Group Myriam Dunn Cavelty, Deputy Head for Research and Teaching, Andreas Wenger, Director of the CSS Disclaimer: The opinions presented in this study exclusively reflect the authors’ views. Please cite as: Baezner, Marie (2019): Hotspot Analysis: Iranian cyber-activities in context of regional rivalries and international tensions, May 2019, Center for Security Studies (CSS), ETH Zürich.
    Table of Contents
    1 Introduction
    2 Background and chronology
    3 Description
    3.1 Attribution and actors: Iranian APTs; Iranian patriotic hackers; Western actors
    3.2 Targets: Iranian domestic targets; Middle East; Other targets
    3.3 Tools and techniques: Distributed Denial of Service (DDoS) attacks; Fake personas, social engineering and spear phishing
  • Trojan Horse: the Widespread Use of International Cyber-Espionage As a Weapon
    Trojan Horse: The Widespread Use of International Cyber-Espionage as a Weapon Mark Russinovich Author of Zero Day and Trojan Horse Session ID: EXP-R35 Session Classification: Intermediate ► “Today, U.S. officials indicate that more than 20 countries have various kinds of information operations (IO) directed against the United States.” ► “Computer systems at the Pentagon and other military sites get “attacked” thousands of times each year.” Agenda ► Defining terms ► A brief history ► Anatomy of cyberespionage ► Implications and nation-state policy ► What should you do? Defining Terms Only State Information Undermines Political or Equivalent of Actors gathering or function of national armed attack theft of computer security or in context intellectual network purpose of armed property conflict Cyberespionage X Cyberattack X X Cyberwarfare X X X X Computer Network Attack (CNA) Computer Network Exploitation (CNE) Offensive Cyber Operations (OCO) Defensive Cyber Operations (DCO) The Why Reasons for states to maintain and utilize an aggressive cyber capability: 1. To deter other states by infiltrating their critical infrastructure 2. To gain increased knowledge through espionage in cyberspace, which makes it possible for states to advance more quickly in their military development 3. To make economic gains where technological progress has been achieved—for example, through industrial espionage 4. To be able to attack and paralyze an adversary's military capacity or the adversary's ability to control its own forces in a conflict A Brief History
  • Cyber in War: Assessing the Strategic, Tactical, and Operational Utility of Military Cyber Operations
    2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade T. Jančárková, L. Lindström, M. Signoretti, I. Tolga, G. Visky (Eds.) 2020 © NATO CCDCOE Publications, Tallinn
    Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profit or non-commercial purposes is granted providing that copies bear this notice and a full citation on the first page. Any other reproduction or transmission requires prior written permission by NATO CCDCOE.
    Cyber in War: Assessing the Strategic, Tactical, and Operational Utility of Military Cyber Operations Matthias Schulze Associate International Security Division German Institute for International and Security Affairs (SWP) Berlin, Germany Abstract: The study analyzes the use of cyber capabilities in war and conflict situations. The research question is: What good is cyber in war? What is the utility of military cyber operations in conflict situations and what obstacles exist? The paper analyzes a small set of cases where cyber capabilities have been used for military purposes. Using the ‘three levels of warfare’ heuristic, the study outlines the potentials and operational restrictions of military cyber operations. The analysis proposes a set of variables and hypotheses, such as the timing of use of cyber capabilities and the operational complexity of a cyber operation, for further theory building. Keywords: cyber in war, military cyber operations, levels of war, strategic cyber attacks, tactical cyber, small-n case study 1. INTRODUCTION North Korea’s leader, Kim Jong-un, allegedly heralded cyber capabilities as an “all-purpose sword” that guarantees “ruthless striking capability” (Young Kong, Gon Kim, and Lim 2019).