The Cyber Warfare/Security Briefing Part II

"He who offends others does not secure himself" - Leonardo da Vinci.

The blue circle represents what I knew before the USCYBERCOM briefing while the black circle represents elements I did not know.

by Kudakwashe Kanhutu

Following on from my provisional assessment of the state of the field before my meetings with the USCYBERCOM Commander, I can now say with great confidence that it is possible to know enough about a field not to engage in any further earnest research every time a permutation occurs. Of course, this conclusion of mine may be down to the fact that my allegiance is to the Republic of Zimbabwe, and cyber threats are not our foremost concern at this present point in time. The picture above represents what I knew about the field (blue circle) and what I did not know (black circle) before meeting Admiral Michael S. Rogers.

Admiral Michael S. Rogers, Commander USCYBERCOM, Director NSA.

The Real State of the Cyber Environment

Admiral Michael S. Rogers speaks to Financial and Security Experts at the London Stock Exchange.

My summary of the field in Part I (pre-meeting) is very much valid. The only thing I can now add is that as the NSA Commander as well as the GCHQ Director also presented their views of the field, I managed to get an insider's view as opposed to mine which is that of a dilettante. Their classification of the various threats; criminal, vandal, state attack etc and the ways in place to respond to each of these threats were also much better than mine. Again, this may be due to the fact that I only worry about those cyber actions that are related to, or may result in open warfare. These practitioners were more concerned, or rather, equally concerned with commercial crime in cyber space. In this regard, my opening quotation by Leonardo da Vinci is not as apt as it could be - those who are targeted by cyber criminals do not necessarily have to have done something to get targeted. Possession of wealth and valuable information is enough reason for the cyber miscreants. It has always been my argument that military aggression creates committed enemies but this dictum does not strictly apply in the cyber domain. 

The other knowledge I do not have, represented by the black circle in the first picture, relates to classified information these officials did not divulge, as well as, that knowledge Donald Rumsfeld saw fit to call unknown unknowns.

My arrival for the meeting at the LSE

My arrival for the meeting at the LSE

The Cyber Warfare/Security Briefing Part I

"He who possesses most must be most afraid of loss" - Leonardo Da Vinci.

The London Stock Exchange for meetings with the Commander of the United States Cyber Command 15. 07. 2015

by Kudakwashe Kanhutu

I have often wondered if it is possible, no, I have often hoped that it is possible to have enough information about the principles of a particular field that you no longer need to add to your stock and can, on the basis of this stock, cogently discuss any new permutations in the field. I am going to test this hope (empirically) by, without looking at a book, webpage, journal, video or audio clip, write all I currently know about the Cyber (Security) Domain; then, tomorrow, after meeting the National Security Agency (NSA) Director and Commander of the United States Cyber Command, I will write, for want of a better word, a de-briefing of the current state of the field. I will then measure the distance between what I thought I knew and what I will have learnt from tomorrow's discussion. If the distance is too vast then I must conclude, in despair, that we are all in exactly the same situation as Sisyphus.

The State of the Cyber Environment 

Wherever human beings live and operate, challenges and opportunities exist. I have no charts or graphs to show you here but, because human beings live on land, land warfare (a challenge) is the most predominant form of warfare. The benefits (opportunities) of land to humans need not be listed - it's our natural habitat. Adjunct environments such as Sea, Air and Space are then used either to support the waging of (land) warfare, or enjoying the benefits of our habitat. To these natural environments - Sea, Land, Air and Space - human ingenuity has added another one - Cyber! 

The Cyber environment, properly conceived, is just an adjunct that helps humans perform their tasks better: I am communicating my ideas to you from the comfort of my bed when previously I would have gone to a library, typed my thoughts, printed them, then snail mailed them to the national paper, wait to see if they may be published and, even then, if you did not buy the paper that day, you would have still missed all this I am writing right now (which would probably not have been necessarily a tragedy!). The point is, the cyber domain makes a lot of things easier. This convenience, however, comes with potent challenges. As the (physical) Critical Infrastructure Network (CNI) - health system, roads, national grids, railways, aviation, military command and control - all now rely on the cyber environment for their smooth operation, a potent vulnerability thus exists.

  

The oft quoted possibility is that of a hacker being able to disrupt Air Traffic Control to the extent that aircraft will collide into each other. For busy airports like Heathrow, where planes land every 3 minutes, this will be a nightmare of epic proportions with, in addition to the loss of life, serious knock on effects to the economy. The same scenario would have the most negligible effects on an airport in Swaziland where under 10 aircraft land on a busy day. This is also very pertinent to the cyber security environment - with greater interconnectivity comes greater threats and disruptions. Another (remote) possibility is that a hacker could launch a country's missiles against a nuclear armed state and thus hasten Armageddon. The essence is that, activity in the Cyber Domain now has real world consequences, to the extent that if cyber assets of Country A are damaged by Country B, the understanding is that Country B reserves the right to strike back with all its Land, Sea, Air and Space Forces.

What is still notoriously elusive in the Cyber Domain is the ability to attribute a cyber attack to the right culprit.