Lecture 13 & 14- Cyberwar Flashcards

1
Q

War is…

A

War is
- intrinsically violent
- instrumental
- fought by states

War is “sustained combat, involving organized armed forces, resulting in a minimum 1,000 battle related fatalities in a 12-month period.”

2
Q

What does a state's power depend on, and what do states compete over?

A

States are believed to fight over the sources of national power, which can be material or non-material.
- A state's power depends on:
o Geography; if you have a favorable geographical location
o National resources
o Industrial capacity
o Military preparedness
o Population
o National character
o Morale
o Quality of diplomacy
- States compete over:
o Status/Standing/Prestige
o Territorial and sovereign claims
o Values and ideology
o Rules, norms, and international institutions

3
Q

What are the Five dimensions of warfare?

A

Fifth dimension of warfare
1. Maritime
2. Land
3. Air
4. Space
5. Cyber

4
Q

What are the Layers of Cyberspace?

A

Cyberspace is made up of different layers:
- Social layer
o 1. Persona
o 2. Cyber persona
- Logical layer
o 3. Logical layer
- Physical layer
o 4. Physical network
o 5. Geographic

5
Q

What are examples of threat actors and threat vectors?

A
  • Examples of threat actors:
    o Nation-states: both for conflict and for intelligence-gathering
    o Business: corporate spying
    o Organized crime
    o Terrorists
    o Hacktivists
    o Black-hat hackers
  • Examples of threat vectors:
    o User error or negligence
    o Supply chains: third party
    o Wi-Fi
    o USB
    o Insider
6
Q

Is cyberconflict war?

A

With cyberspace we are moving away from the binary system of war and peace towards a grey zone, where states compete in cyberspace below the threshold of war. This means that cyber operations among states almost always happen between the two ends of cooperation and conflict.

7
Q

What is Cyberwar?

A

Cyberwar is war conducted in and from computers and the networks connecting them, waged by states or their proxies against other states.

8
Q

What are the challenges of war in cyberspace?

A
  1. Cyberspace is a human construction, meaning it is highly malleable and the underlying cyber infrastructure is always changing. But this also means that it can be manipulated, adapted and abused more easily.
  2. Cyberspace spans the physical and digital world.
  3. No international agreement on territoriality.
  4. Fairly low cost of entry, meaning there is a multitude of different actors (including criminals) operating in the same environment.
  5. Attribution is challenging and time-consuming; it is often difficult to determine where an attack came from.
  6. Cyberspace is interconnected.
9
Q

What is the problem for fighting cyberwars?

A
  • There is no safe zone in cybersecurity
    o Everywhere that you operate can be attacked.
    o A vector for attack may even be outside of your control.
  • This also means there is no clear distinction between civilians and combatants.
    In short, cyberspace is a domain of persistent threat where achieving security is an everyday challenge.
10
Q

What is the Endemic Vulnerability of Cyberspace?

A

Cyberspace contains endemic vulnerability, meaning that vulnerability is inherent to cyberspace.
- Modern operating systems and applications are extremely complex programs.
o Certain flaws in the program, called exploits, can be used by hackers as entry points.
- Zero day attacks
o A zero day is a vulnerability in a piece of software that is unknown to the software developers.
- Delayed patching and updating
o Even when an exploit is known, patches need to be created and computers need to be updated. But installing updates is often delayed, allowing known exploits to be used successfully.

11
Q

What are the characteristics of offensive cyberspace operations?

A

Usually involve intrusion or unauthorized access.
Usually involve external control of the network over the internet.
Can be combined with a range of other techniques (including social engineering, human sources) to gain access.
At the beginning of cybersecurity, vulnerability was seen as present in every system, ready to be exploited by adversaries.
- This is still kind of true. The number of potential entry points is simply too high to be completely impervious.
However, there are exaggerations in the threat perception of cyberwar. Research shows that the threat has been overstated. Part of this is that there are commercial and institutional incentives to hype the threat up, as organizations can then offer solutions that they profit from.

Most cyber incidents to date do not result in physical damage or loss of life.

12
Q

What is the relation of military law to cyberspace?

A
  1. Use of Force
    a. Refers to conventional military means and is an infringement of sovereignty. Prohibition on the use of force: UN Charter Article 2(4).
  2. States have a right to self-defense (a responsive use of force) only if subject to an ‘armed attack’ or helping another state (‘collective self-defense’) - UN Charter Article 51.
    a. But do cyber operations ever reach the threshold of use of force or armed attack?
  3. An ‘armed attack’ is more severe than a use of force. So an unlawful use of force, short of an armed attack, would not allow self-defense.
  4. An armed attack must have certain ‘scale and effects’, which are unclear.
13
Q

What is the Tallinn Manual 2.0?

A

Offers the criteria for determining whether a certain cyber event constitutes a use of force:
1. Severity
a. How many people were killed? How large an area was attacked? How much damage was done within this area?
2. Immediacy
a. How soon were the effects of the cyber operation felt? How quickly did its effects abate?
3. Directness
a. Was the action the proximate cause of the effects? Were there contributing causes giving rise to those effects?
4. Invasiveness
a. Did the action involve penetrating a cyber network intended to be secure? Was the locus of the action within the target country?
5. Measurability
a. How can the effects of the action be quantified? Are the effects of the action distinct from the results of parallel or competing actions? How certain is the calculation of the effects?
6. Military character
a. Did the military conduct the cyber operation? Were the armed forces the target of the cyber operation?
7. State involvement
a. Is the State directly or indirectly involved in the act in question? But for the acting State’s sake, would the action have occurred?
8. Presumptive legality
a. Has this category of action been generally characterized as a use of force, or characterized as one that is not? Are the means qualitatively similar to others presumed legitimate under international law?

14
Q

What are the difficulties of responding to cyber incidents as a state?

A
  1. Cyberspace is a complex adaptive system
    a. This makes it difficult to attribute attacks, and responding can cause collateral damage, unintended effects, and ‘blowback’.
  2. Diversity of relevant actors
    a. Difficult to attribute attacks.
  3. Ease of capability proliferation
    a. This makes it difficult to attribute attacks, and responding can cause collateral damage, unintended effects, and ‘blowback’.
15
Q

What are examples of intent of attackers (cyberwar)?

A
  1. Public Attribution
    a. Establishing the identity of the initiator
    b. Technical attribution
    c. Political attribution
  2. Economic Sanctions
    a. Asset freezes and barring business transactions.
    b. Debated purpose and effectiveness
  3. Legal Indictment
    a. Formal charging of a crime
    b. Use of domestic criminal law
    c. Providing evidence that would stand up in court
  4. Cyber Response
    a. Respond using cyber means
    b. Effective signaling?
    c. Potential for escalation?
16
Q

What are the core assessment variables to consider when formulating a policy response to cyberwar?

A
  • Impact
  • Risk
  • Methods
  • Costs
17
Q

What is Cyberspace (Lec 13)

A
  • The interdependent network of information and communications
    technology infrastructures that includes the Internet
  • How we interface with this network of networks is creating an
    evolving behavioral space that is initiating social, economic, and
    political dynamics
  • While much of this behavior is benign and positive, there is a
    growing negative, even malignant use. Thus, considerations of
    cybersecurity are becoming more prominent.
18
Q

What is Cybersecurity according to the Cyber Strategy of the Netherlands?

A

Protecting confidentiality, integrity, availability of
information systems

19
Q

What are the levels where cybersecurity is practiced?

A

Individual, business/non-state organizations, national governments, internationally.

20
Q

What are the types of strategies in Cyber Security?

A

Defense, offense, deterrence, preventive, preemptive, recovery.

21
Q

What are the types of threats in Cyber Security?

A

external and internal

22
Q

What are the difficulties of defense in cyberspace?

A

  1. Endemic vulnerability means large attack surface
    * Systems are becoming more intricate at all layers of design and use
  2. Offense is unpredictable and difficult to detect
    * Attack procedure often relies on manipulation of zero-days
    * Difficult to predict
    * Unknown weaknesses also hinder remediation of attack
  3. Defense is hard
    * Starting assumption: adversary is already in our systems
  4. Defense fragmentation
    * Majority of CI is owned/operated by private industry
    * How to equip private sector to handle its own protection
    * Hindrances: disincentives to report; unclear authority to execute proactive measures
  5. Supply chain risks
    * Data breaches
  6. Attribution is hard
    * Cyber operations are covert by design
    * Attribution takes time
    * Technical Attribution, Political Attribution
23
Q

What is CNE and CNA?

A

Computer Network Exploitation (CNE)
Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary information systems or networks.
NIST

Computer Network Attack (CNA)
Operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves.
USJD

24
Q

What are the offensive cyber capabilities?

A
  • Deny
    To prevent the adversary from accessing and using critical information,
    systems, and services. To degrade, disrupt, or destroy access to, operation
    of, or availability of a target by a specified level for a specified time
  • Destroy
    To damage a system or entity so badly that it cannot perform any function or
    be restored to a usable condition without being entirely rebuilt.
  • Disrupt
    To break or interrupt the flow of information. To completely but
    temporarily deny access to, or operation of, a target for a period of time.
  • Degrade
    To deny access to, or operation of, a target to a level represented as
    a percentage of capacity.

  • Deceive
    To cause a person to believe what is not true. Mislead
    adversary decision makers by manipulating their perception of
    reality. To control or change adversary’s information,
    information systems, and/or networks in a desired manner.

25
Q

What are the levels of severity in the Dyadic Cyber Events dataset?

A
  1. Probing without kinetic cyber
  2. Harassment, propaganda, nuisance, disruption
  3. Stealing targeted critical information
  4. Widespread government, economic, military or critical private network intrusion
  5. Single critical network infiltration and physical attempted destructions
  6. Single critical network infiltration and widespread destruction
  7. Minimal death as result of a cyber incident
  8. Critical national economic disruption as result of a cyber incident
  9. Critical national infrastructure destruction as a result of a cyber incident
  10. Massive death as result of a cyber incident
26
Q

What are the options for response to a cyber operation?

A
  1. Public Attribution
    Establishing the identity of the initiator
    Technical attribution
    Public attribution
  2. Economic Sanctions
    Asset freezes and barring business transactions
    Debated purpose and effectiveness
  3. Legal Indictment
    Formal charging of a crime
    Use of domestic criminal law
    Providing evidence that would stand up in court
  4. Cyber Response
    * Respond using cyber means
    * Effective signaling?
    * Potential for escalation?
27
Q

What are the Core Assessment variables to consider when analysing cyber operations?

A

Impact: what are the consequences of status quo (doing nothing)? What
are the probable benefits from taking action?

Risk: what are the relative gains and losses associated with the policy
option? What effects (economic, social, organizational, political, military)
are involved both internally and externally? What are the probabilities
associated with these gains, losses, and effects? Is there a time variable—
short-term versus long-term tradeoffs?

Methods: Are the means appropriate to the end? Do the means
themselves have implications for risk and impact? Do the means set
precedent or change the ground for future policy options? (Pay attention
to tradeoff between secrecy and transparency)

Costs: What are the financial costs relative to the financial benefits? What
are the non-monetary costs and benefits? Is this the most efficient use of
resources relative to the outcome to be achieved?

28
Q

What are the two approaches for achieving security in cyberspace?

A

Deterrence – Legacy Approach
Cyber Persistence – New Approach

29
Q

What are the two basic mechanisms of deterrence strategy?

A

Two basic mechanisms: denial and punishment

Deterrence by Denial (making it impossible for the other side to achieve its
goals)
The expectation that effective defenses would thwart an attack, thereby
inducing the adversary not to attack
* Discourage others from attacking you by being able to repel such an
attack.

Deterrence by Punishment (exacting an unacceptable price for achieving
adversary’s goals)
The expectation that the costs of retaliation will outweigh the benefits of a
successful attack – thus the adversary does not attack
* Raise the cost of conflict to unacceptably high levels.

30
Q

What are the requirements for successful deterrence strategy?

A
  • Deterrer should have sufficient capability
  • The threat should be credible
  • It should be possible to communicate the threat to the opponent
31
Q

What are the 4 ways of cyber deterrence?

A

Deterrence by Denial: Cyber campaigns can deter adversaries by making their aims difficult to achieve. For instance, defending critical infrastructure against cyber attacks.
Deterrence by Punishment: Threatening retaliation for hostile cyber actions can deter potential attackers.
Deterrence by Entanglement: Intertwining cyber interests can create mutual vulnerability, discouraging aggression.
Deterrence by Delegitimization: Shaping norms and taboos around cyber behaviours can deter malicious actors.

32
Q

What is Strategic (cyber) effect?

A

The use of (cyber) ways and means to affect
sources of national power relative to others; both positive (growth) and
negative (degrade).

Strategic advantage is defined as a sustainable shift in relative power

33
Q

What are the 3 forms of power and the strategic impact of cyber on the forms of power?

A
  • Economic power (intellectual property loss at scale degrading product competitive
    advantage)
  • Military power (comprehensive loss of military R&D; supply chain
    disruption/manipulation)
  • Political power (undermining political cohesion through institutional
    delegitimization)
34
Q

What are the 3 strategic environments?

A

The three strategic environments are:
* Conventional
* Nuclear
* Cyber
The structure of cyberspace as a strategic environment is inherently different from
other strategic environments.