Cyber security systems, including network centric warfare systems and platforms, are proving to be the main weapon of new generation and hi-tech battlefield that is swift, lethal and decisive.
Militaries all over the world now rely on the fact that cyberspace is not just becoming a dominant platform for life but it is also becoming the century’s dominant platform for hi-tech warfare.
As political and military decisions are made to protect and preserve the 21st Century way of life, one cannot help but wonder how well informed these decisions will be.
Largely, the military services are designed, trained and equipped to conduct effective kinetic warfare. Unfortunately, it is felt that these skills are irrelevant in cyber warfare.
At no other time in history have a leading nation’s defence capabilities become so out of synch with the reality of security threats than today.
Cyber systems are cyber realities. Much more holistic in nature and it is not simply information but cyber cultures. Thus, coordinated cyber attacks at multiple levels will be capable of knocking out emerging challenges in a better way.
Impact of cyber attack characteristics (anonymity and plausible deniability) on policy and responses, it is pertinent that nations have to hold back responses because they cannot be sure just who is reconnoitering their systems.
Inability to understand impact of culture on methods that nations use while using the Internet, for example, the Chinese use electrons as carriers of strategies, could make the origin of the threat more complex.
This trend is responsible for the accelerating technological advances seen in recent decades. It is another critical factor in the development of information warfare.
In a more narrow range of cyberspace, new technologies will hold the keys to cyber warfare, cyber-security and cyber-attacks.
This is a target-rich environment for espionage and attack. The actors to be defended against must include the traditional geopolitical organizations, but also the borderless and non-geopolitical players mentioned prior and the single lone or small group actors.
Cyber war extends much further than the Internet (and its evolving successors) and involves electronically deceiving, blinding, jamming, overloading and intruding into an adversary’s (or potential adversary’s) information and communications networks.
This includes command and control infrastructures, intelligence collection, processing and distribution infrastructures and underlying communications and positioning technologies (including but not necessarily limited to IFF (identify friend-or-foe) and tracking smart unmanned systems.
Cyber war also involves conducting operations according to information-related principles including establishing dominance in the veracity and accuracy of information and knowledge and maintaining that dominance while denying similar information and knowledge, veracity, and accuracy to an adversary.
As such, it has broad ramifications for organization and doctrine including a need for networked structures (which requires greater decentralization of command and control) and non-kinetic engagements including psychological operations and the undermining of both an adversary’s morale and its willingness to resist.
Cyber capabilities also provide greater understanding of the ‘bigger’ picture, minimizing the fog of war, and enhancing management of the complexity that is conflict.
Indeed, cyber war is an extension of the traditional importance of obtaining information, converting it into knowledge and leveraging that knowledge down the kill-chain more quickly than an adversary.
It requires superior command, control, communication and intelligence technologies and a willingness to find, feel, fix, surprise, and deceive an enemy.
Hierarchical command and control gives way to battle space/kill chain management. In civilian terms (and cynically postulated), cyber war simplifies to leveraging knowledge to minimize the capital and labor investment expended to ‘close with’ and kill or capture an adversary and undermine its will and ability to resist.
However, it is a world in which the nation-states with cyber power moderate usage of their cyber weapons: China and Russia because they are perhaps satisfied with the intellectual property and military plans they retrieve such as Iran and North Korea perhaps due to their fear of retaliation.
Cyber threats
The newer cast of bad actors are another problem altogether. Extremists and the growing forces of cyber militias have no such fears and thus present a major danger to the US, Britain and other developed nations.
Since there is no concerted effort to rein these dangerous new players, the developed and like-minded nations including US will be forced to take offensive action, even if it takes the form of a widespread cyber war.
In fact, playing cyber defence is a losing game. In an environment where defences are limited in effectiveness and each attack is certain to differ from the last, the US finds it impossible to protects its plans, intelligence and critical infrastructures with any degree of success.
The global cyber warfare machine is increasingly filled with too many aggressors and moving parts to be successfully defended against in a piecemeal fashion.
No norms or rules of behavior are being followed. Even if a rulebook for cyber conflict existed, it would not be followed by the bad actors, many of whom have neither accountability for their results, nor understanding of possible outcomes from their actions.
These forces create a dangerous and unsustainable world that is incompatible with America’s need for security. The US is therefore considering switching to an offensive posture in cyberspace.
A strategic US shift in emphasis from defensive to offensive cyber operations has already started to occur. And this is not a move without precedent as the UK has already signaled its intent to become offensively driven in national defense cyber operations.
The unbridled, unruly, and uncontrollable forces of conflict in cyberspace must be reined in-and soon.
The alternative is to give the bad actors time to further develop their attack methods and use them with impunity, sweeping the US and the developed world into an unstable future filled with unimaginable dangers.
The global spending on cyber warfare systems is expected to remain robust over the forecast period primarily due to the increased importance of such systems in modern warfare.
The formation of the US Cyber Command or USCybercom by the highest defence spender globally, highlights the importance of cyber warfare in today’s world.
Furthermore, the cyber attacks in South Korea, the US, Estonia and Georgia in 2011, add credence to the growing expenditure on global cyber warfare systems.
Wars include a mix of physical, mental and tactical elements with information and communication technologies (ICT) playing a major role in the capabilities of mobile forces armed with real-time information devices.
ICTs can be used to attack these battlefield systems directly, to capture sensitive data from defence contractors and governments or disrupt national infrastructure.
Equally, defence systems must be built to detect and counter these attacks, making cyber warfare systems essential tools for maintaining an advantage in modern conflicts.
Real-world attacks over the Internet also are possible. In March 2007, the US Department of Energy’s Idaho Lab conducted an experiment to determine whether a power plant could be compromised by hacking alone.
The result was a diesel generator smoking and on fire as a result of some malicious data that could easily have been sent to it over the Internet from anywhere in the world.
In January 2008, a CIA analyst told American utilities that hackers had infiltrated electric companies in several locations outside the US. At least in one case, they had managed to shut off power to multiple cities.
Information attacks have been used in practical conflicts as well. In April and May 2008, Russian hackers believed not to be directly employed by the Moscow government subjected Estonia to a nationwide denial-of-service (DoS) attack that effectively shut down the country’s access to the Internet, with substantial economic impact.
They began the same sort of attack on Georgia in the run-up to the August 2008 clash between Moscow and Tblisi.
Similarly, the military dictatorships of North Korea and Mauritania both reportedly have hired operators of botnets-networks of illegally commandeered PCs-to smother several opposition websites with DoS attacks.
Thus, it can be concluded that information warfare will be a significant component in most future conflicts.
This position is in line with both US military doctrine and white papers published by the Chinese People’s Liberation Army. One study affirms that as many as 120 governments already are pursuing information warfare programs.
Repeated reports that Chinese computer specialists have hacked into government networks in Germany, the United States, and other countries show that the threat is not limited to relatively unsophisticated lands.
A 2007 estimate suggested that hackers sponsored by the Chinese government had downloaded more than 3.5 terabytes of information from NIPRNet, a US government network that handles mostly unclassified material.
More disturbingly, adversaries have often taken advantage of computer networks and the power of information technology not only to directly influence the perceptions and will of the United States, its decision-makers, and population, but also to plan and execute savage acts of terrorism.
Cyber-EMP impact
EMP means ‘electromagnetic pulse’, a blast of radio energy so strong it fries electronic equipment. In fact if an enemy sets off an atomic bomb at an altitude of 30,000 feet, there would not be a computer working for miles around.
The terrorists who strike Northern Virginia on did not need a nuclear weapon to shut down the region’s computers.
Instead, they used homemade EMP generator-bombs that any good engineering student can build with $400 and information found on the Internet.
They detonated nine of the bombs within a triangle stretching from McLean west to Dulles International Airport and south to Chantilly.
The EMP blasts took down communications and navigation equipment at Dulles, some of the less critical computers at CIA headquarters in Langley, and data centers that carry some 40 percent of the world’s Internet traffic.
New technologies are surpassing the previous state of the art in all fields. Laptop computers and Internet-equipped cell phones provide 24/7 access to e-mail and Web sites.
New materials are bringing stronger, lighter structures that can monitor their own wear. By 2015, artificial intelligence (AI), data mining, and virtual reality will help most organizations to assimilate data and solve problems beyond the range of today’s computers.
The promise of nanotechnology is just beginning to emerge. Ultimately, speculations that the world is approaching the “singularity’s event horizon,” the time when artifacts become so intelligent that they can begin to design themselves and one cannot understand how they work, may prove correct.
At that point, humanity will be largely a passenger in its own evolution as technological species. This trend is the ultimate foundation for cyber-war.
Vulnerable network
Complex, often delicate technologies make the world a richer, more efficient place. However, they also make it relatively fragile, as it becomes difficult to keep industries and support systems functioning when something disrupts computer controls and command centers.
Indeed, technology will alter all the current traditional thinking about cyberspace, cyber-warfare, and traditional warfare.
Because it will be totally interlinked to the network as its ramifications will be costly, and widespread. Battelle Institute, the NSA, the Materials Research Society, NASA, the military branches, and numerous other entities have made significant trend projections in this area.
What must be explored is how, for example, cellular or water-based computing systems, artificial intelligence, and things like singularity will have specific impacts on cyber programs currently existing, in R&D, in production, or being funded.
For example, SEAL Team stealth craft and US Navy Destroyers being worked on by Converteam will only remain stealthy as long as the internal wiring and routing system and switches run on fiber-not copper.
Yet, current DoD supply vendors do not offer such essential components. To handle all aspects of cyber warfare correctly, these kinds of mindless systemic snafus require adequate future casting and analysis.
Otherwise, many of the vital systems will become outdated before they are even production-ready. And, these will greatly add to the total cost of the program-even if short-term budgetary costs are reduced.
Telecommuting is growing rapidly, thanks largely to e-mail and other high-tech forms of communication.
However, Millennials already have abandoned e-mail for most purposes, instead using instant messaging and social-networking Web sites to communicate with their peers.
These and other new technologies are building communities nearly as complex and involved as those existing wholly in the real world.
Information warfare
This is one of the two or three critical trends that give information warfare and operations their significance.
As institutions computerize their operations, they become more vulnerable to unauthorized access.
As they redesign their operations to take advantage of the efficiencies computers offer, they also open them to disruption by technologically sophisticated adversaries.
Disruption need not be overt or easily detected. With manufacturing systems increasingly open to direct input from customers, it might be possible to reprogram CNC machine tools to deliver parts that were subtly out of space and to rework the specifications themselves so that the discrepancies would never be noticed.
If the tampering were carried out with sufficient imagination and care on well-selected targets, the products might conceivably pass inspection, yet fail in the field.
Advances in information and communication technology have clearly meant that the mobilization of all sorts of groups pursuing a wide variety of causes is both easier and cheaper.
Virtual networking can be reasonably expected to lead to a proliferation of a larger number of smaller specialized extremist groups, some of whom may spend as much time vying with each other as much as anything.
Nevertheless, this presents the security community with the daunting task of fronting up to a far more diffuse threat than until now.
In terms of cyber crime, one can expect the main focus of the intelligence community to be around a three-pronged approach detection; interception and intervention to undermine the technology infrastructure of extremist groups.
As everyone recognizes, the Internet is a mess, open to all kinds of uses, misuses, anti-social material, irksome intrusions from ads, identity theft, international swindles, and so on.
For these reasons, as well as the potential for national security interventions, and general hell raising, it is time to plan, design, and execute over the next five to seven years, a replacement for the Internet.
New communication technologies will further change the way conflict takes place. First, the ability to utilize communication technologies to achieve information superiority and dominance is essential.
Second, denying others access to information will also be critical. Third, the ability to exploit information effectively will reduce the current asymmetrical differences between states and between states and non-state actors.
For example, the size of the military will matter less than the ability to effectively use information to determine weaknesses and strike.
There is a need to identify a single organisation to lead, manage and execute national cyber capabilities. Capabilities will need to be established across government in tandem with developing a coordinated strategic cyberspace program.
However, a specific concern for militaries is that there is as yet, in most Western militaries, no acknowledged owner of cyberspace.
This in turn means that no-one organisation is specifically focusing on how to protect key capabilities against cyber-attack but also how to develop a coherent cyber warfare capability.
In fact, cyberspace operations will require a new class of cyber cadre. Effective cyberspace operations will necessitate the recruitment of cyber warriors, either as operators or analysts, and the nature of the cyber threat will mean that significant numbers of these specialists will be required- this will be challenging.
There is currently a lack of agreed definitions for Cyberspace and related activities, recognising the need to refine doctrine and organisational structures to match potential (sovereign) national requirements.
Development and review of doctrine should be proceeded by conceptual approaches. Conceptual approaches need to be developed and informed by; relevant experiences; lessons learned; historical and scientific evidence; and the development of analytical models/experimentation, including scenarios/vignettes, to understand the impact of cyber operations.
Legal issues
The need of the hour is assessment of the legal implications of cyber activities, and establishing a legal framework for conducting cyber operations.
The need to assess the measures of effectiveness of cyberspace operations and provide ‘appropriate’ response, whether concerning national security or domestic/commercial law enforcement is a critical area.
Whilst the adversaries will not necessarily be constrained by societal norms or rules therefore one must ensure that they operate within the framework of established and defined rules.
The decision loop for cyber space activities is underdeveloped and uncompressed, unlike the sensor-to-shooter cycle and this loop will require to be closely controlled.
There is a need to also focus on the attribution of cyber attacks whether at state or non-state actor levels, and the challenges in understanding discrimination, proportionality and national necessity in cyberspace- especially because of the reliance on ‘dual use’ systems.
Cyberspace operations need to have an equivalence to kinetic action, and we must be able to understand the ‘intent’ of attacks irrespective of the physical or cognitive effect desired, whilst assessing the implications of Cyberspace operations.
This activity should engage both civilian and government legal advisors, and the international community, towards establishing a robust legal framework.
It is expected that by 2020, with the advent of IPv6 and RFIDs, everyone and everything will have an IP address.
All devices and IP users will synch with every other device or user, meaning that privacy and security will be a thing of the past.
The ability to keep a secret will depend on the restricted societal and cultural norms of non-democratic countries. The US will be more at risk in a cyber war or conducting one.
By 2022, the US will become less and less of a leader in these technologies, making us more dependent on others for privacy and security. Cyber wars will be to the advantage of those in control of the standards, protocols, and democratic (rule of law) restrictions.
By 2025, the (cloud, nano, optical, and/or DNA) computing power and storage capabilities will increase to the point of storing all human knowledge. Anyone will have access to any knowledge. Cyberwars against nations can be waged by an individual as well as nations against single individuals.
By 2028, this increased power and capability will make it near impossible to tell the difference between human and AI.
Cyber wars may be waged in the mind of an individual, a network, or a system without being “heard” until the unintended or secondary consequences are felt.
By 2030, all knowledge and e-devices will become so interdependent that no one will be able to conduct cyber war without hurting themselves.
By 2035, all wars including cyber wars will be conducted for natural resources. While all of these technological changes occur, cyber wars will be conducted to control knowledge.
But at some point, the limits to Earth’s natural resources will drive warfare. These resources will be basic- food, water, and air-as well as energy generation, distribution, and transmission to run it all.
Of particular interest during the next three decades will be the roles of bioinformatics and bio-metrics in the next long wave business cycle. ‘Progress’ will result from the exploitation and manipulation of molecular genetics enabled by nanotechnology, quantum processing, bio-computing, and ubiquitous sensing.
In parallel, the Grover algorithm (quantum processing) massively reduces the computational requirements for elaborate attempts at synthesis, including DNA sequencing.
Cross species molecular breeding and augmented human capabilities will be an ultimate result. Such efforts will be paralleled by machine calculations and neuroinformatics with processing speeds on the order of 30 million billion calculations per second (by 2020).
Behavior modeling will offer predictive value as communicating micro-sensors (both active and passive) feed data repositories and macro models and simulations. Non-invasive transcranial projection will allow both active and passive behavior modification.
Nano-enabled robotic technology will begin to redefine human roles in commercial (particularly in the agriculture and manufacturing) sectors, social activities, and conflict amelioration. This will ultimately cause radical changes in the cohesiveness, structures, and definition of national and regional ‘interests’.
The rate of technology diffusion in the next three decades is a significant unknown. In the United States, the current generation of decision makers has been shaped by the recent past and is sustained by what was the ‘then’ usual.
Reflected is an economic ‘shake-out’ accompanied by decades of miserly restraint in funding new technology based systems and in fundamental research.
Forward-looking development has essentially been ceded to Universities and private laboratories.