There’s not another nation in the world that can wage kinetic warfare as effectively as the United States, and that’s probably at the heart of the reason why the United States will lose a war fought in cyberspace.
It’s not because we don't have skilled cyber warriors, because we do. It's because present leadership in the Defence Department is trying to fit the round peg of cyberspace into the square hole of meat space. A perfect example of this mindset is found in the Spring 2011 edition of Strategic Studies Quarterly ‘Rise of a Cybered Westphalian Age’ wherein the authors write:
‘First, the technology of cyberspace is manmade. It is not, as described by the early “cyber prophets” of the 1990s, an entirely new environment which operates outside human control, like tides or gravity. Rather, as its base, the grid is a vast complex system of machines, software code and services, cables, accepted protocols for compatibility, graphical pictures for human eyes, input/output connections, and electrical supports. It operates precisely across narrow electronic bands but with such an amalgamation of redundancies, substitutions, workarounds, and quick go-to fixes that disruptions can be handled relatively well as long as everyone wants the system to work as planned.’
In the earliest days of the Internet, otherwise known as Web 1.0 (the Read-only Web), the above was certainly true. As we moved to Web 2.0 (the Read-Write Web), it became less true. The more integrated our physical and virtual lives become (Web 3.0), the farther away from that definition we land. The fact that the authors of the paper still believe that cyberspace is nothing more than a manmade piece of hardware says volumes about how the domain is misunderstood at the highest levels of the Defence Department, which is obvious with the miscategorization of cyberspace as a 5th domain:
‘Though the networks and systems that make up cyberspace are man-made, often privately owned, and primarily civilian in use, treating cyberspace as a domain is a critical organizing concept for DoD’s (the Department of Defence) national security missions. This allows DoD to organize, train, and equip for cyberspace as we do in air, land, maritime, and space to support national security interests.’
I've touched upon the concept of n-dimensional conflict here, and I'm writing a chapter on it for the 2nd edition of Inside Cyber Warfare. In the course of my research, I've come across the work of theoretical physicist Basarab Nicolescu who argues that cyber-space-time (a more accurate name than ‘cyberspace’) is both artificial and natural at the same time:
‘The information that circulates in CST is every bit as material as a chair, a car, or a quantum particle. Electromagnetic waves are just as material as the earth from which the calculi were made: it is simply that their degrees of materiality are different. In modern physics matter is associated with the complex relationship: substance-energy-information-space-time. The semantic shift from material to immaterial is not merely naive, for it can lead to dangerous fantasies.’
One of Nicolescu’s influences was Nobel laureate Wolfgang Pauli and Pauli, in turn, was fascinated by Carl Jung's theory of Synchronicity. In fact, Pauli and Jung spent a great deal of time together because Pauli believed that there was a relationship between Jung's acausal connecting principle and quantum physics; specifically a conundrum known as ‘quantum indeterminacy.’ Even though Pauli's lifetime preceded the Internet age, he wrote extensively about a unifying connecting principle that bridged mind and matter. Nicolescu references Pauli's work and calls that connecting principle cyber-space-time.
In a kind of ironic twist, Carl Jung’s theory of synchronicity has its genesis in his fascination with an ancient Chinese oracle called The Book of Changes or Yijing. It’s a divinatory oracle that dates back to the Qin dynasty and teaches that the universe is composed of parts that are interconnected. The yarrow stalks used in the Yijing symbolize those parts, while the casting of them symbolizes the mystery of how the universe works (Pauli's quantum indeterminacy). Chinese emperors and generals have used this oracle since approximately 300 BC, and it may still provide a glimmer of insight into the mysterious nature of this new age of cyber-space-time and how cyber battles may be fought and won.
Unfortunately for Western nations, synchronicity has its origins in the East. Western nations have a tradition in causality, not synchronicity. And the US Defense Department is deeply grounded in traditional western thinking and practicality. The decision to call cyberspace a domain was based on organizational necessity. That’s how the Defence Department is set up. It’s how budgets are created and funds distributed. It’s how contracts get assigned. Simply put, it’s how things get done at the Pentagon. This is why the United States will lose a war fought in cyberspace. A strategic doctrine built upon a flawed vision can’t yield a victory against an adversary whose knowledge of the battle space is superior to our own.
This is an edited version of an entry that also appears on Carr's blog. Carr is also the author of 'Inside Cyber Warfare: Mapping the Cyber Underworld' (O'Reilly Media, 2009).
Reddit
Digg
StumbleUpon
Delicious
Technorati
Yahoo
Google
Plurk
Frankie
why is the picture the author chose a tournament for an online video game that highschool kids play those arnt cyber warriors there just kids at school.
Walter
IMHO – A lot of you people sound like good proud Americans that do not work in the industry, do not want to believe what reality is or you do not work close enough to the 1 & 0s to know which is understandable. I am not saying this because I believe in some mystical magic, but people making comments about Chi, or more properly Qi, you can tell they do not know what the are talking about just as those talking misles at Vandenberg and yes I am very familiar with the place, my good friend of many years was a launch commander there if you know what that means.
I have worked in DoD IA, or Information Security which is what we called it years ago, then greedy contractors found out you could charge more for the same type of work if you called it Mission Assurance, even more for Information Assurance and yet more if we call it Cyber Security. In my 20+ years working in and/or for the government I have learned one thing. National security is like Santa Claus. It is a heart warming and comforting thing to believe in, but neither exists. NGA had their IDS boxes owned for months and we never knew it until a gray hat from Brazil told the contractor in an email. Google Moonlight Maze or Solar Sunrise and read those stories, then tell those of us that know better what you say here.
If it makes you feel better and helps you to sleep better at night without your Teddy then go ahead and keep believing.
gatoMalo
China Prepares for Cyber Warfare- The Ministry of National Defense (MND) looks like the main leaders of China’s cyber warfare C&C. “The Executive Yuan has made tremendous efforts in beefing up government units’ ability to counter cyber-attacks,” said Wang Te-pen (???), a major general at the MND’s Communications and Information Security Department told at a regular briefing yesterday in Taipei.” Under the supervision of the Executive Yuan, Wang said the MND also fortified its anti-online infiltration capacity.
Of course this tough guy attitude from China comes after McAfee opened the “Shady Rat Attack” report. As they say everyone was attacked except China. I know their needs to be a MAC address and a TCP/IP and geo-location but as I track China for my Timeline it’s clear the Chinese did it. As I wrote previously we knew China was doing this 4 years ago and now it becomes real why now. We could have prevented trillion of dollars in Intellectual property alone if we would have done something 4 years ago. Would of, Should off, Could off and the list goes on as our cyber national security goes down in flames because our representatives don’t have to courage to lead and stop following.
From the Chinese point of view they saw our political infighting and with all the T-Bills they have and a -273% trade deficit with America. Why wouldn’t China be bold right now and take what they want. Our leaders are stuck in this infighting it’s like “Nero playing the fiddle while Rome burned down”. We have the power Net-Citizens to change all this. Get the twitter accounts and Facebook connections out and VOTE. Let’s become leaders of the free world again. Let’s make the hard choice because cyberspace is here to stay we can’t let the threats outweigh the freedoms.
My 2© cents – gatoMalo_at_uscyberlabs_dot_com
http://USCyberLabs.com/blog/
http://ChinaCyberWarfare.wordpress.com
http://HacktivistBlog.wordpress.com/
YetAnotherBob
to really understand the way a cyber-war would be fought, you have to get to basics and work up.
First, go to Sun Tsu. That is the Chinese classic ‘Art of War’. The Chinese will give Sun Tsu several orders of magnitude more attention that they will to taoist superstitions.
In Sun Tsu, there are several conditions or orders of importance. First, is to understand your own troops. Next, understand the enemies troops.
Our troops are the sys admins. Theirs are the crackers. Can we detect when one of our network servers gets cracked? If so, good, we need to study the crack. If not, then bad, we don’t know if we are secure or not. Offense and defense need to be understood.
we also need weapons appropriate to the area of battle. Arrows are of limited utility in forests. Spears are of limited utility in very tall grass. Long swords are of limited utility when the battle is closely packed. Short swords are of little utility when the enemy is not close in.
What weapons do we have? This is for both offense and for defense. Can we monitor and dispatch programs to find and eliminate intrusions? Can we trace those intrusions? Can we get into computers that are sending these intrusive programs?
If not, then we need to develop more and better tools. The tools and ‘bots’ of cyberspace are the weapons of cyberwar. For this, we need real Hackers. Real Hackers are the people who write the programs that break new ground. They are not the script kiddie crackers, or the criminals who raid cracked computers. If we know of ways to interrogate other computers, we have a potential weapon. If we find a way in, an can monitor without being detected, then we have an advantage. This is how cyber war is fought.
Back to Sun Tsu, the next thing is to know the terrain. The internet is a connection of computers trading packets of information. Some terrain is helpful to you, some is not. Some terrain is harmful to the enemy but helpful to you. Some terrain is harmful to both. Victory is often achieved by using the terrain to your advantage. The internet terrain is varied, and must be understood. Where are the easiest passages, where are the hardest. What can be trusted to automatic bots that react much quicker than is humanly possible, and what cannot. This gives us the ability to look at the terrain.
Finally, we need to know the defenses. Firewalls are the first line of defense. there are many others. we need to be able to quickly monitor the firewalls on servers and routers.
Next, we must be able to look at the interfaces of the systems to determine where an attack is likely.Attacks that can be predicted are attacks that can be stopped. But, there area always unexpected areas of attack. There should also be means found to counter attack. If you can identify the enemy’s weapons, you can work to eliminate it. Best is if you can eliminate it and leave something that will make them think it is working for them, while really working for you. In many ways, spying is one of the main tools of an effective commander. Taking over the enemies weapons is sometimes better than destroying them.
The US Military has learned to pay attention to Sun Tsu. the Chinese certainly do. The strikes and counter strikes are going on all around us. Don’t worry about when the first cyber war will be fought, it has been going on for over a decade now. And it’s not just the US that is being targeted, and not just the Chinese that are launching these strikes.
Don’t believe me? Just ask Iran.
zoom6628
YetAnotherBob’s comment should have been the original article. He has identified the principles, related them to a known and trusted strategy resource (Sun Tzu), and put into context. Carr has got caught in the linguistics of using familiar words to describe unfamiliar things to the uneducated i.e. hackers trying to tell politicians whats broken and how to fix it. Cyber warefare is just one facet of the nDimensional battlefield – trade, culture, entertainment, forex, bombs, virus, psychology….. all are aspects of the modern battlefield. All are inter-connected – the astute modern warrior force (“defence” force is a stupid term invented by the PC types) will be aware of all of these and have suitable mitigation, defence and attack plans covering each aspect.
Data Virtue
From my old intro to computers text book I read as a child…”Comnputers are made of five parts, People, Procedures…..” The rest is irrelevant.
Paul
Unfortunately, the fantasy of cyber-space-time being its own separate reality harms this analysis to no end. There are many people in the US military that are going to have trouble with the current interconnectedness of computer networks and how some misguided individuals have chosen to connect critical infrastructure controls to the public Internet at large.
Similarly, in civilian infrastructure as well as some military infrastructure, basic security concepts have been lost or cast aside. Also, while other countries have cheaper labor and can simply dedicate manpower to some controls the US has in large part chosen to allow 24×7 access to these controls remotely, often through the Internet. This allows a worker to access critical infrastructure controls from home or a different office location without the need for paid staff at every location. Obviously, this also allows attackers to control this critical infrastructure after bypassing or defeating only the most basic security controls.
Also, in many cases the employees will assist attackers by using pirated software, playing pirated media and unsafe email handling. The Internet today is rife with traps for the unwary and most companies spend a huge amount of their IT staffs time and budget cleaning up after employees rather than forcing a safe and secure environment from the top down. End result is that we are open to the same kind of attack that apparently crippled the uranium enrichment plant in Iran.
What is the end result? Of course, any attacker with the motivation to do so will be able to cripple the US economy and critical infrastructure in ways that most people can’t even imagine. Today, the motivation is lacking for some reason so we are safe. Should some government like China decide to find the motivation, we are going to have major problems.
GradyPhilpottg
It would seem to me that the use of the familiar term “domain” is no more indicative of a lack of understanding of the particulars of “cyber-space-time” than the fact that Mr. Carr using the term “casting of them (yarrow stick)” means that he doesn’t understand the philosophical basis of the “I Ching.”
Perhaps the DoD doesn’t understand the Web, but the use of a term which has meaning within the culture of the government and it’s system of protocols is no indicator, unless there are more meaning indicators that Mr. Carr has failed to mention.
The DoD, regardless of their understanding of the “…vast complex system of machines, software code and services, cables, accepted protocols for compatibility, graphical pictures for human eyes, input/output connections, and electrical supports” which “operates precisely across narrow electronic bands but with such an amalgamation of redundancies, substitutions, workarounds, and quick go-to fixes that disruptions can be handled relatively well…,” must integrate their missions into understandable terms for those who fund them, namely the Congress and their constituents.
It seems to me that this article, to draw from Eastern philosophy, confuses the river bed for the river.