Lecture 12: Cyberwarfare Flashcards
War of Consciousness
“if you want peace, you have to win the consciousnes war” -> using information to influence thinking and get others to act in a way that is favorable to you
Information Security
Information space + information systems
Russian Information Security Doctrine
Sought to secure protection and sovereignty of Russian information space, promoted by the Gulf War and Kosovo campaign where US/NATO used information to further their objectives
Who sees themselves as under threat?
The Putin regime, due to the “color revolution”, thus they need to advance in information operations
Russia’s goal with information wars
In peacetime, undermine/weaken adversaries and prevent a victory by diverting their attention through “indirect” (non-kinetic) means -> “strategic containment” or “defensive pre-emption”
Russian National Security Strategy 2021
The need to prevent the use of information and comms tech from interfering in internal affairs, creating a safe information space and defend the Russian population
Cyber tools strengthen
Russia’s own international position (zero-sum game)
Aktivnost
“Active measures” in peace-time of non-kinetic tools to weaken adversaries, e.g. cyber attacks sponsored by Russian state
Cyber attacks take time, so…
Pressure needs to be continuously applied
Russia uses cyber warfare in which 2 spheres
Cyber-technical (techniques to hack computer systems) and cyber-psychological (manipulate people’s attitudes)
What does the cyber-psychological sphere encompass
Influencing electoral outcomes, hack-and-leak activities, doxing, encouraging societal divisions to disorient the adversary (and society)
Kompromat
Hack-and-leak
3 aims of cyber warfare
- Weaken adversaries politically and societally
- Gather information on adversaries
- Probe for vulnerabilities that can be taken advantage of later
Vnezapnost
Probing for vulnerabilities that can be taken advantage of later
Attribution problem of cyber warfare
Cyber obfuscation is a think blanket of deniability around cyber warfare where Russia can claim it was carried out by another state or non-state actor, be a false-flag operation, or loose-cannon patriot hackers
What does international law say to do about the Russian cyber threat
There are no laws specifically regarding cyber warfare, but general agreement that the UN charter also applies to cyber, meaning than any physical damage can constitute a use of force and states have the right to respond by own cyber capabilities and kinetic forces
How does the UK have to abide by the Law of Armed Conflict?
Russia is technically not doing destructive attacks, which means UK also cannot respond destructively - but they are still illegal and amount to intrusions on sovereignty
2 possible options to deter Russian attacks
- Deterrence by denial (building cyber defense, making cyber attacks costly)
- Deterrence by punishment (retaliation)
3 issues with deterrence by denial
- Is there any capability to prevent Russia from attacking?
- How do you communicate your own capabilities? How do you counteract misinformation?
- Is there any credibility to it?
7 Issues with deterrence by punishment
- How do you demonstrate your capabilities? Should you?
- Credibility?
- Attribution problem
- In UK; retaliation is illegal, but reprisal is legal for only for deterrence purposes, e.g. to make Russia stop
- Cannot target civilian infrastructure
- Reciprocity (Russian vs. UK winter)
- Discrimination
In order to deter attacks properly, NATO countries will have to
Move away from international law
Reading: From Blitzkrieg to Bitskrieg: The Military Encounter with Computers - John Arquilla
The concept of Bitskrieg describes the modern use of computers and information technology in warfare, which has transformed the nature of warfare from physical force to digital information
The concept of Blitzkrieg is still important because it emphasizes rapid decision-making, mobility and surprise, but this now encompasses cyber attacks
