The Decision to Attack: Military and Intelligence
Total Page:16
File Type:pdf, Size:1020Kb
THE DECISION TO ATTACK: MILITARY AND INTELLIGENCE CYBER DECISION-MAKING by AARON FRANKLIN BRANTLY (Under the Direction of Loch K. Johnson) ABSTRACT The debate over the importance of cyber has resulted in the consideration of a new domain of operation vital to national security. States find themselves in an increasingly interconnected world with a diverse threat spectrum and little understanding of how decisions are made within this amorphous domain. Much of the literature on cyber has focused on defining what cyber is. This dissertation examines how states decide to employ cyber in military and intelligence operations against other states. The research question this work seeks to answer is: do states rationally decide to employ cyber in military and intelligence operations against other states? This work contextualizes broader cyber decision-making processes into a systematic expected utility - rational choice approach to provide a mathematical understanding behind the use of cyber weapons at the state level. INDEX WORDS: Cyber, Intelligence, National Security, Decision-Making THE DECISION TO ATTACK: MILITARY AND INTELLIGENCE CYBER DECISION-MAKING by AARON FRANKLIN BRANTLY B.A., Queens University of Charlotte, 2004 M.P.P., The American University, 2008 A Dissertation Submitted to the Graduate Faculty of the University of Georgia in Partial Fulfillment of the Requirements for the Degree DOCTOR OF PHILOSOPHY ATHENS, GEORGIA 2012 © 2012 AARON FRANKLIN BRANTLY All Rights Reserved THE DECISION TO ATTACK: MILITARY AND INTELLIGENCE CYBER DECISION-MAKING by AARON FRANKLIN BRANTLY Major Professor: Loch K. Johnson Committee: Jeffrey Berejikian Han S. Park Michael Warner Christopher Bronk Electronic Version Approved: Maureen Grasso Dean of the Graduate School The University of Georgia December 2012 iv DEDICATION I dedicate this work to my wife and best friend Nataliya. She has stood by me and waited for more than 5 years while I finished my formal academic education. She has read, commented on, and reread more of my words than anyone. It is her patient and enduring support, which have enabled me to make it as far as I have. v ACKNOWLEDGEMENTS This work would not have been possible without the support and dedication of the diverse committee standing behind me and pushing me forward. In particular, I would like to thank Dr. Loch K. Johnson for his constant feedback and assistance in helping me to develop the ideas presented in this work. Dr. Johnson has inspired me both as a professor and as a mentor. I would also like to thank Dr. Jeffrey Berejikian, Dr. Han S. Park, Dr. Michael Warner, and Dr. Christopher Bronk each of whom have given enormous amounts of time to help me with my academic and professional pursuits. vi TABLE OF CONTENTS ACKNOWLEDGEMENTS ......................................................................................................... v LIST OF TABLES ........................................................................................................................ x LIST OF FIGURES & CHARTS ............................................................................................... xi GLOSSARY ................................................................................................................................ xii INTRODUCTION ........................................................................................................................ 1 CHAPTER 1 Introduction to Cyber Decision-making ....................................................................... 2 What is cyber and why is it important? ................................................................................................ 3 Cyber and International Relations ...................................................................................................... 15 Understanding decisions of states: the logic of rational choice modeling ......................................... 18 How this work is organized ................................................................................................................ 35 CHAPTER 2 .......................................................................................................................................... 37 The Key Concepts of Cyber ................................................................................................................. 37 Why is cyber important to national security? ..................................................................................... 38 Why is cyber an inherently asymmetric domain? .............................................................................. 53 CHAPTER 3 .......................................................................................................................................... 62 The Motivation and Utility for Covert Action ................................................................................... 62 The motivation and rationality for conflict ........................................................................................ 64 Political utility and the literature ........................................................................................................ 73 The use of covert action for political utility ....................................................................................... 75 vii Afghanistan 1980s .............................................................................................................................. 82 Italy 1948 ............................................................................................................................................ 83 Estonia 2007 ....................................................................................................................................... 84 Syria 2007 ........................................................................................................................................... 86 Stuxnet 2009 ....................................................................................................................................... 87 The Utility of Covert Action .............................................................................................................. 89 Section II - The foundations of a rational decision .................................................................. 90 CHAPTER 4 .......................................................................................................................................... 91 Digital Power ......................................................................................................................................... 91 Defining the components of digital hard power ................................................................................. 94 Cyber and its vulnerabilities ............................................................................................................. 106 Conceptualizing cyber power ........................................................................................................... 110 CHAPTER 5 ........................................................................................................................................ 113 Anonymity and Attribution in Cyberspace ...................................................................................... 113 The importance of anonymity .......................................................................................................... 114 Political action and anonymity ......................................................................................................... 119 The value of anonymity .................................................................................................................... 120 Anonymity, attribution, and decisions ............................................................................................. 124 Summarizing the debate ................................................................................................................... 126 CHAPTER 6 ........................................................................................................................................ 128 Cyber and Conventional: The Dynamics of Conflict ...................................................................... 128 The language of conflict ................................................................................................................... 129 Combinatory attacks ......................................................................................................................... 134 Stand-alone conflict .......................................................................................................................... 139 Cyber and conventional tools a tale of objectives ............................................................................ 141 viii CHAPTER 7 ........................................................................................................................................ 144 Defining the Role of Intelligence in Cyber ....................................................................................... 144 Defining Intelligence ........................................................................................................................ 150 Intelligence and the cyber battlespace .............................................................................................. 158 Policy considerations .......................................................................................................................