Cyber warfare and future ISR activities
Despite concerted efforts to control cyberspace, cyberspace has become a new domain of warfare in the modern battleground, joining the existing natural domains of land, sea, air, and space which can transform the effectiveness of the battle zone many folds.
The cyber warfare challenge is growing at an alarming space for leading militaries who think one day they will have to resort to cyber weapon as their last arsenal in a contested battle which can be swift and decisive.
This can cripple a nation without a single shot being fired at the enemy or its position but the outcome can be devastating as one can see during even peace time when hostile hackers or state sponsored activists and technicians play havoc with opponent’s network assets.
Indeed, cyberspace belligerency is an act of warfare against an enemy in the domain of cyberspace designed to cause harm to the enemy in order to damage its functioning and cause it to act according to a script dictated by the attacker.
By itself, a cyberspace attack cannot wrest a decision or produce strategic cyber warfare achievements, such as occupying land by ground forces, but it is capable of striking critical enemy targets and capabilities.
The Commander of the US Cyber Command has listed the types of targets susceptible to cyberspace attack: aerial defence systems, military weapons and command and control systems, civilian infrastructures such as the electric grid, the financial system, and systems of transportation and communications.
It appears that from now on, cyber war will likely play a part in every modern war. Indeed, both cyberspace attacks that have occurred and processes undertaken by states to prepare themselves in this domain indicate that the cyberspace arms race has already started.
As part of this race, a number of states (the US, Great Britain, France, Germany, China, and others) have in recent years established offices and headquarters dedicated to cyberspace as a domain of warfare, and security strategies for cyberspace have been formulated.
At the same time, states are also faced with considerations regarding the constraints of cyber attacks and the risk of exposure to counterattacks, especially because defences are still not sufficiently strong.
In addition, non-state elements such as terrorist organizations are liable to use cyberspace to launch attacks, once they achieve the capability of causing severe damage.
In tandem, there is growing international recognition that it is necessary to defend cyberspace and regulate its activities-similar to regulation in other realms.
This type of regulation can be achieved through inter-state cooperation, adaptation of international law to cyberspace, and formulation of a compelling international treaty. Progress thus far has been slow, certainly not in pace with developments in cyberspace.
Perhaps, the first cyber attack is said to have occurred when the CIA planted malware in an American-made computerized control system, which was then stolen by the Russians and transported to the USSR via Canada.
The Soviets installed the control system on the trans-Siberian gas pipeline in July 1982; shortly afterwards, it exploded because the CIA had tampered with the software so that it would, according to the memoirs of Thomas Reed.
The system went haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds, producing the most monumental non-nuclear explosion and fire ever seen from space.
According to Reed, the purpose of the operation was to stop Soviet technology and intellectual property thefts.
Information technologies and cyberspace are rapidly changing the nature of the modern battlefield as well.
One example is the advanced technology found on the battlefield, including intelligence systems, systems for information sharing and information fusion, the use of satellites on the battlefield, autonomous tools, real time integration of target seeking sensors with fire systems, and more.
The development of cyberspace has also allowed extensive civilian coverage of the combat arena, partly by means of mobile cellular devices that provide anyone present in the arena with the ability to document information, or alternatively, manipulate it.
This information is transmitted instantly to internet networks, which in turn generates discussions in the social networks and affects public opinion.
In US military documents, cyberspace is defined in the context of the second (logical) and third (physical) layers as “a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.”
Furthermore, cyberspace is the fifth domain (in addition to land, sea, air, and space), with interfaces between the domains: cyberspace exists physically in each of the other domains, connects them, and strengthens capabilities in them, while their activities are expressed in the domain of cyberspace.
Characteristics of cyberspace as a domain of warfare for each of the layers appearing in the UN definition of cyberspace, there are different security-related activities pertaining to the domain.
For example, actions in cyberspace aimed at the human layer designed to change user conduct, such as transmitting informational messages (open or hidden) through cyberspace to the enemy.
Secondly, also logical penetration (by means of software) for purposes such as espionage, attacks on enemy computers in order to withhold cyberspace benefits from the enemy, and attacks on machines and installations in the physical domains controlled from cyberspace,
This can disrupt thermal control mechanisms which could lead to the explosion of a security plant (an effect in the land domain) or disrupting an altimeter that could lead to damage of aircraft (an effect in the air domain).
In such cases, the enemy’s cyberspace becomes a tool helping the attacker and may therefore prevent damage to the enemy’s computerization systems.
In the physical layer, damage to hardware that serves as the foundation for the logical layer, as well as actions outside cyberspace aimed against infrastructures on which the domain relies, firepower and electronic.
The ability to act at nearly the speed of light, without traditional geographical limitations can be dangerous. This feature allows attackers the opportunity to execute long distance attacks in fractions of seconds without having to contend with the enemy in a physical arena.
At the same time, cyberspace depends on the physical domain and the network infrastructures diffused in the physical space.
On the defensive side, the possibility of a quick attack requires a foundation of dynamic defensive systems reacting automatically to attacks in real time and independent of human calculations.
Cyber attacks that have already occurred and information about strategies for action in cyberspace indicate that the attacker has the ability to operate in cyberspace anonymously-without leaving a signature (identifying marks)-and hide behind others such as private hackers, criminal elements, or foreign agencies and nations.
In other words, the use of cyberspace allows the attacker to minimize exposure, incrimination, and risk of counterattack, as evidenced by the fact it has been impossible to implicate the suspected nation in any of the cyber attacks carried out to date.
In warfare in a kinetic battlefield it is usually clear who started, who attacked, and what space was conquered; none of this applies in cyber war.
This fact has contradictory implications: on the one hand, this may serve to limit counterattacks (there isn’t anyone to respond to), yet there is also the potential for uncontrolled escalation.
For example, should there be attacks causing fatalities and heavy damage to property, there will be political pressure to react against suspected elements even in the absence of solid evidence about the identity of the attacker. Cyber weapons can also be used as non-lethal weapons.
The ability to cause heavy damage to the functioning of a state without destroying its physical infrastructures or killing people is considered an advantage of cyber weapons over strategic kinetic attacks (firepower).
At the same time, cyber attacks can also cause a great deal of destruction and loss of human life by means of damaging systems located in physical domains but connected to cyberspace.
Cyberspace makes accessible targets not susceptible to attack by fire, such as installations and systems (communications, command and control, etc.) located in areas difficult to access in a kinetic attack (because of distance, strong kinetic defenses, concentrations of population, and so on).
Today these are considered critical national infrastructures vulnerable to attack in cyberspace, both because of the nation’s great dependence on financial systems and because of these systems’ dependence on cyberspace.
Damage to the financial system is liable to keep salaries from being deposited in banks, limit foreign trade, and even cause the economy to stop functioning.
Moreover, logistics and transportation systems, which today are computer-enabled and national databases, i.e., in government ministries, the courts, universities, and so on.
Attacks in cyberspace entail little risk to the life of the attacker compared to military kinetic attacks in which risk to troops is one of the considerations likely to prevent an attack. This allows more audacity in the promotion of offensive ideas.
For the party defending against attack, the limited risk to human life allows a fairly large scope of activity and even the ability to operate automatic defence mechanisms, without dependence on human calculations and, unlike kinetic defence systems, without risk to individuals on either the attacking or the attacked side.
In certain attack scenarios, it is possible to attack specific targets within a certain domain without damaging additional entities. In other scenarios, however, it is difficult to control the scope of the attack and damage may spread beyond what was planned.
The tendency of viruses to replicate themselves can go unchecked and their ability to move through the web to different locations. This is a difficult challenge for an attacked party, which must prevent the virus from spreading.
For the attacker this is an advantage in certain scenarios of widespread attack, as many additional effects may be created by means of a limited effort.
However, this characteristic is liable to present a difficulty to the attacker who is interested in a focused and selective attack and tight control of the attack results.
Standardization of cyberspace is necessary as the cyber domain is based primarily on infrastructures made by global companies (e.g., Microsoft, Cisco, Check Point) that are located in every country and linked together.
While the universal nature of the domain and the use of the same equipment (for example, Unix and Windows operating systems) serve those constructing cyberspace, these features also entail a great deal of risk to an attacked party.
For example, hacking of information security software or a technological database belonging to a global cyberspace company is liable to endanger every site where it is used.
In March 2011, RSA, the information security company owned by the giant storage company EMC, announced it sustained damage by a sophisticated attack by hackers who managed to steal information on a secure ID apparatus serving to verify employee identity in organizations and governments around the world.
Such incidents endanger the effectiveness of security products shared by many corporations and governments.
Connectivity between cyberspace and devices operating in other domains are important as using sensors it is possible to convert geographical, thermal, mechanical, and other data from physical domains into bits, and vice versa, and using effectors it is possible to convert directions transmitted over the bit web to actions in those domains.
This connectivity allows a cyberspace attacker to generate effects in physical domains by attacking systems connected to cyberspace, such as computer embedded systems.
High human ability to control cyberspace is growing because cyberspace is an artificial, man-made domain, defenders should be able to control the sphere they have constructed.
They should be able to anticipate the conditions in the domain, as opposed to the difficulty in anticipating conditions in other domains (like weather).
They can shut the domain down or limit its use: examples of attempts to limit the use of cyberspace may be found in China, Arab states, and Iran.
The domain also allows both sides (attacker and attacked) to train with great ease and undertake simulations. In addition, it is easier for those attacked to rebuild an organized, ordered network quickly than a less organized network.
Nonetheless, events unanticipated by the builders of the domain do occur in cyberspace, products of interactions between computers or the intensification of human errors (e.g., errors in providing instructions to the capital market).
The features of the domain intensify the ability of insiders to act maliciously by means of cyberspace. In many cases, military communications infrastructures are linked to civilian infrastructures.
Hence, defending civilian infrastructures is also critical for military purposes. At the same time, militaries have cyberspace capabilities that may help defend civilian infrastructures.
In democratic nations, this integration is a legal challenge for a threatened or attacked party in light of advanced legislation in the field of individual rights, which makes it difficult, for example, to gather information and use military units in civilian cyberspace.
Global communications networks allow an attacker to cross borders and move quickly to connected targets and even use the enemy’s own computerization resources to attack its systems.
At the same time, connectivity allows the attacked party to make use of resources among friendly nations to identify attacks and foil them before they arrive at its own doorstep.
Mutual dependence between cyberspace and physical domains are increasing as cyberspace has two-way interdependence with physical domains. On the one hand, it enhances activity in those domains.
On the other hand, it is possible to damage targets in those domains through cyberspace. In other words, kinetic damage to physical infrastructures such as communications installations and power stations is liable to enhance cyber war.
It is the ability to mass produce cyber weapons quickly and cheaply which is challenging. From the moment a cyber weapon such as a worm or defence software is created, there is nothing stopping its mass replication, effortlessly and at low cost.
This characteristic, which departs entirely from kinetic weapons, serves both the attacking and attacked parties.
Use of remote resources is becoming a problem as cyberspace allows users to reach human and computer resources in ways unfeasible in physical domains.
Unlike the traditional battlefield in which soldiers are present in battle, soldiers and computer resources operating in cyberspace can be deployed in different locations and mobilized quickly by means of information technologies.
This greatly improves the capabilities of using reserves in cyberspace as part of technological and operational depreciation.
Technological developments and weaknesses in existing structures force frequent changes in defensive tools.
Similarly, regular upgrade and development of defensive capabilities and the repair of breaches obligate users to improve the tools for attack. This is a major drawback for the attacker because it must replace large amounts of means once they are obsolete.
Espionage, an invasive (not offensive) activity prevalent in security institutions, is designed primarily to gather intelligence in a clandestine manner.
The activity is not intended to damage or disrupt the enemy’s systems, nor is it meant to affect the enemy directly (as long as the enemy remains unaware of the fact that its secrets have been uncovered).
Using cyberspace for intelligence gathering has a long history, dating back to when computers and software were first introduced into various communications systems.
In this field, there is a greater dependence-military, state/political, technological, economic, and social-about the enemy’s capabilities and intentions in peacetime and in war, in order to form situation assessments, formulate strategies, make decisions, and construct military and fighting forces.
Technological and economic intelligence gathering also include theft of technological and business secrets.
Gathering enemy cyberspace assets, such as stealing software and databases, for the purpose of using them without permission are now rampant.
This goes beyond knowledge theft and is closer to using looted weapons or stealing assets, and may therefore be viewed as soft cyber war.
Nonetheless, even cyber asset theft can be effected through duplication and without removing any assets from the enemy’s domain.
In a world where economic and technological power may have far reaching implications for strategic balances of power, gathering and sorting cyber, technological, and economic information and assets carries much significance for the national security of both sides.
Such information and assets are likely to improve the ability of the nation doing the gathering to compete on the global market and close gaps in defence R&D.
By the same token, an invaded/penetrated nation is liable to lose its strategic advantages. This is an area in which gathering goes beyond the traditional need to gather information in order to know the enemy and understand the enemy’s capabilities and intentions.
In the 1970s, Russia managed to connect to ARPANET (the US Advanced Research Projects Agency Network, the precursor of the internet).
It was revealed that within the framework of a military project financed by the United States at the Center for Mathematical Studies in Geneva, the communications network modem had been connected to Moscow and was supplying the Russians with accessibility to the United States via the network.
Another example of a serious event of cyberspace espionage was described by the then US Deputy Secretary of Defense Lynn: “We learned the hard way in 2008 when a foreign intelligence agency used a thumb drive to penetrate our classified computer systems-something we thought was impossible.”
“It was our worst fear: a rogue program operating silently on our system, poised to deliver operational plans into the hands of an enemy.”
It may be that this description refers to an intrusion attributed to China, when the plans for Lockheed Martin’s future F-35 Lighting II fighter jet were stolen, including the plans for the electronic systems of the most advanced aircraft in the world, whose development had cost $300 billion.
Yet, the US is getting ready for counter cyber operations. The US Air Force is equipped with C-130 Hercules airplanes charged with carrying out psychological warfare missions, such as penetrating TV and radio broadcasts in enemy states and broadcasting messages against the regime and other messages meant for the local populations.
The planes also serve as relay stations that allow the establishment of cell phone networks that can provide the population with cell phone and wireless internet services and allow for communication with the population should the regime attempt to cut off connectivity.
In other words, this can take control of the electromagnetic field and cyberspace out of the hands of the regime and place it in the hands of an intervening party.
The concept of early warning does not require much adjustment for cyberspace in terms of analysis of strategic intentions and the methods of action and tools available to the enemy.
However, the challenge is different with regard to operational and tactical warnings where it is necessary to relate to the details of the attack and its timing.
Preparations for attack in cyberspace may occur in utmost secrecy, unlike widespread preparations needed to organize conventional troops for war, which are easily leaked.
It is often hard to know in real time that a cyber attack has begun before its results are felt; it may also be that the results are never felt (and will be dismissed as a glitch in the system).
A different question is the purpose of the warning in a reality in which an attack occurs with the speed of light and what operational defensive moves it could possible serve.
The need of the US military to base itself on dynamic cyber defence, which reacts automatically as soon as an attack is identified, is indicative of situations in which it is impossible to rely on traditional tactical warnings (such as warnings supplied by observation posts to field unit commanders about the advance of enemy forces).
As part of the process of modernization in the military, there are efforts to develop network architecture capable of coordinating military operations in all domains.
At the same time, the Chinese view the attainment of information dominance as a key component for attaining victory in a confrontation. They are striving to gain control of the enemy’s flow of information, thereby earning dominance on the battlefield.
To that end, they are developing the capability of intruding into the enemy’s advanced information systems for intelligence gathering, by means of which they intend to ensure success in future confrontations.
As part of its offensive approach, China is developing the capability to combine computer network attacks, electronic warfare, and kinetic blows (firepower) in order to destroy the enemy’s communications systems (military and civilian) and create blind spots, which Chinese forces would then be able to exploit in real time.
Command and control and logistical structures are also inviting targets for cyberspace attack because of their key to attaining military strategic objectives.
Such attack operations would be used by the Chinese in the early stages of a confrontation, and perhaps even as part of a preventive move.
Actions of this sort are considered a component of China’s strategic deterrence, whereby this constitutes a nonviolent “small war” that does not necessarily require an enemy’s response and is possibly capable of preventing the “big war.”
Personnel in the Chinese Army contend that cyber weapons have the deterrent potential equal to that of nuclear weapons, only better: they cause no physical damage.
The damage they do cause is controlled and pinpointed, and the weapons can be aimed at essentially unlimited ranges.