Cyberspace Operations Research Articles

People's War in Cyberspace: Using China's Civilian Economy in the Information Domain

China is identified as posing a key challenge to US national security interests in cyberspace. These threats are incurred across the spectrum of conflict, ranging from low-level crime, to network penetration, to cyberattacks that have the potential to cause major physical destruction. Thus far, the majority of strategic assessments of China’s cyber capabilities have focused on the role of the People’s Liberation Army (PLA), which is officially tasked with undertaking offensive operations in cyberspace.[1] However, China does not employ its cyber capabilities in isolation. Rather, it considers cyber to be part of the “Information Domain.” In Chinese doctrine, controlling the information environment entails the combined use of network, electromagnetic, intelligence, and propaganda assets in both the civilian and military spheres in conjunction with the other elements of national power to achieve strategic objectives. Consequently, over the past two decades, China has adopted a policy of augmenting its information warfare (IW) capabilities by leveraging the civilian sector (notably private institutions, academia, and civilian government institutions). This paper provides a broad survey of China’s cyber auxiliary capabilities and assesses how China uses its civilian economy as a “strategic reserve” in all four areas of the Information Domain.

Clandestine or Covert? Rethinking Secrecy in Cyberspace

Secrecy is central to the strategic and political dynamics of cyberspace operations. The ease with which actors can launch attacks while masking their identity poses serious problems for both attribution and retaliation. Yet, actors sometimes willingly claim credit for their attacks. To date, the literature has done little explain this variation. We argue that this oversight stems in large part from the failure to distinguish between two qualitatively different types of deception. Deception is not, as the literature presumes, an inherent feature of all cyber operations from beginning to end. Rather, it is only required during the planning and execution stages of an attack. Relying on deception to conceal sponsorship of an operation afterwards is a political choice. In short, while all cyber operations must be clandestine, they need not be covert. Understanding why some actors might voluntarily attribute themselves while others embrace complicity is the second task of this article. Better understanding the politics and optics of voluntary attribution is important from both a theoretical and a practical perspective.

Rules of Engagement for Cyberspace Operations

As offensive and defensive cyberspace operations are incorporated into U.S. military planning, senior leaders and commanders must address the rules of engagement (ROEs) for U.S. forces with regard to such operations. Cyber weapons do provide U.S. forces with operational choices that were previously unavailable, but traditional principles that inform rules of engagement in the physical world can and do inform rules of engagement that govern cyberspace operations as well. To a very large extent, the U.S. military seeks to integrate cyber weapons into its operational toolkit within a common framework of principles that apply to all weapons. Nevertheless, several characteristics of operations in cyberspace and the use of cyber capabilities complicate the formulation of cyber-specific ROEs, including among other things the borderless geography and range of effects possible on the Internet, ambiguity of adversary intent arising from the difficulty of distinguishing between intelligence-gathering for reconnaissance and preparation for attack, and difficulties of attribution in cyberspace. Issues related to command and control and escalation of force also play important roles in shaping ROEs. The paper concludes by noting that the U.S. military has had many decades of operational experience to inform how it formulates ROEs for kinetic weapons, and a paucity of similar experience with cyber operations will hamper the formulation of ROEs for cyber weapons unless special efforts are made to impart such experience to the appropriate leaders and commanders.

Cyberspace Operations and the People Who Perform Them

In 2009, the Department of Defense established U.S. Cyber Command to centralize and advocate for joint cyberspace operations. By 2018, the Cyber Mission Force (CMF) will consist of 6100 personnel in 133 teams that have offensive or defensive responsibilities. Although cybersecurity has been maturing for the better part of thirty years, there are important differences between cybersecurity and cyberspace operations. Cybersecurity, for instance, is focused on maintaining the confidentiality, integrity and availability of Information Technology (IT) networks. Cyberspace operations, on the other hand, are threat oriented and require enterprise-scale coordination. Many cyberspace tools are built by and for networking experts that have full privileges, access and responsibility for their networks. Such conditions rarely exist for cyberspace operations and intelligence teams. This panel will introduce the variety of roles, responsibilities and cognitive challenges in the CMF. Panelists will reserve significant time for Q&A to inform the design of future systems.

Establishment of a Feasible Cyber Organization Structure to Enhance the Capabilities of Cyberspace Operations in the ROK`s Defense Forces

The paper discusses ways of establishing a feasible cyber organization for enhancing cyber response capabilities in defense of the ROK. To prepare for the rise of cyberspace as a war-combat domain, together with the realization that cyberspace is indispensable in fulfilling operational requirements, it is essential to search for and establish a new, suitable organization for cyberspace operations. To achieve this, the author suggests a design of an organization based on the so-called “three-party authority,” the ROK’s way of managing cyberspace, the difference in each echelon’s accountability for the fulfillment of the operational requirements-mission accomplishment for its commander as well as the characteristics of cyberspace. The article also presents validation and verification of the suggested composition of the cyber organization suitable for defense of the ROK to identify its pros and cons.

The Most Governed Ungoverned Space: Legal and Policy Constraints on Military Operations in Cyberspace

Winning wars in cyberspace might sound easy: the click of a mouse or the press of the enter key on a keyboard. Yet, the web of networks that constitutes cyberspace is imbued with challenges. Seemingly every day there is a new story of a government, business, or individual, suffering from a serious hack. These hacks are often attributed to state actors or transnational criminal organizations. Combined, the almost daily revelations of serious incidents compound a common misperception that cyberspace is an ungoverned space. The reality of cyberspace, however, is far different and constitutes a complex environment of overlapping jurisdictions. The overlapping geographic, legal, and technical boundaries affect everything from the freedom of information to the decision to engage in military operations. Technical specifications as well as laws and policies established by local and national governments, international institutions, non-governmental organizations, and corporations form the decision-making framework for national policy-makers and military commanders. Understanding how all the elements of cyberspace interact provides context for when, why and how the United States engages in military operations in cyberspace. This paper examines the complexities of the environment and their impact on the decisions of states (with emphasis placed on the United States) to engage in offensive cyber operations, cyber exploitation, and defensive cyber operations against other states and non-state actors. Moreover, it examines the important role that overlapping governmental and non-governmental organizations have in affecting the types of behaviors that occur within cyberspace.

Data to Decisions for Cyberspace Operations

In 2011, the United States (U.S.) Department of Defense (DOD) named cyberspace a new operational domain. The U.S. Cyber Command and the Military Services are working to make the cyberspace environment a suitable place for achieving national objectives and enabling military command and control (C2). To effectively conduct cyberspace operations, DOD requires data and analysis of the Mission, Network, and Adversary. However, the DOD’s current data processing and analysis capabilities do not meet mission needs within critical operational timelines. This paper presents a summary of the data processing and analytics necessary to effectively conduct cyberspace operations.

Air Force Cyberspace Investment Analysis

Space and cyberspace operations are primary missions within the U.S. Armed Forces. Air Force Space Command performs investment planning for Air Force space and cyberspace missions. The command has performed space investment planning for more than 15 years using multiobjective decision analysis to assess the value of space programs for military operations and an optimization model to maximize space capabilities subject to performance, budget, schedule, and programmatic constraints. Air Force cyberspace operations and investment planning were assigned to Air Force Space Command in 2009. We developed an improved cyberspace investment analysis method using decision analysis techniques to support investment planning for the Air Force’s approximately $3.5 billion annual cyberspace investment. We developed four models to assess the value of Air Force cyberspace programs: a multiobjective decision analysis model for information technology infrastructure, a probability model to assess the capability to defend Air Force networks, a probability model to assess the capability to command and control cyberspace assets, and a probability model to assess the capability to perform cyberspace attacks when directed by national command authorities. The models were incorporated into the Air Force Space Command Integrated Planning Process and have been used for three years.

How the Design and Evolution of the United States Cyber Command Affect Its Operations

The establishment of the United States Cyber Command presents interesting research opportunities in the areas of national security agency design and national security decision making in the executive branch. This paper will examine Defense Department efforts to address emerging cyber threats by applying Zegart’s framework for agency design and agency evolution to the establishment of the command. Specifically, it explores how the policy making processes used to address cyber security and manage the Unified Command Plan affected operations. The policy implications in the conclusion may allow the Defense Department to improve military operations in cyberspace and bolster U.S. national security.

On the Spectrum of Cyberspace Operations

The paper sets out a model for analyzing cyber events along the spectrum of conflict. It includes a review of actual events, mapping them to the model.

The anatomy of a cyber power

Cyberspace, the ever-expanding manifestation of the pervasive information and communications infrastructure, is a rich environment for the projection of power and influence. Entities of all types – nation-states, corporations, terrorist and criminal organizations, and non-profit groups – are embedding critical aspects of their operations in cyberspace hoping to reap the benefits offered by the domain. Cyberspace is an equalizer. It offers all actors speed and reach, anonymity and protection, and the ability to create and participate in virtual economies and wield cyber weapons, all with a low buy-in cost. This drastically alters the power equation. The gap between major powers and lesser powers is shrinking; non-state actors could become cyber powers. This paper attempts to clarify the important notions of cyberpower and cyber power. It considers nation-states as well as non-state actors, and articulates the essential components and characteristics required to acquire and maintain cyberpower.

Easier Said than Done: Legal Reviews of Cyber Weapons

IntroductionOn June 1, 2012, author and New York Times reporter David Sanger created a sensation within the cyber-law community. Just over a year previously, Vanity Fair, among other media outlets, reported that a malware package of unprecedented complexity had effectively targeted the Iranian nuclear research program.1 The malware, which came to be known as Stuxnet, was also discovered on many computer systems outside Iran, but it did not appear to do any damage to these other systems. Just as the discussions spurred by the discovery of Stuxnet had begun to die down, the New York Times published an interview with Mr. Sanger to discuss his newest book, in which he alleged that the Stuxnet malware had been part of a U.S. planned and led covert operation. The assertion that a nation state had used a cyber attack in support of its national objectives reinvigorated the attention of cyber-law commentators, both in and out of government.What makes Stuxnet interesting as a point of discussion is that the basic functioning of the software is easy to understand and easy to categorize. A piece of software was deliberately inserted into the target systems, and physical damage was the result. However, resulting physical damage is not characteristic of most operations, and the legal analysis of Stuxnet is of limited utility when examining a broad range of activities.2 A distinct lack of physical effects is much more characteristic of operations, and the absence of physical effects has continued to complicate the legal analysis of in the context of military operations.The terms cyber attack or cyber imply the employment of weapons. But the uncertainty in the term cyber leads to equal uncertainty in identifying weapons, and great confusion about when the use of a cyber weapon is a cyber attack that creates a state of cyber warfare. There have been some excellent attempts to define cyber weapon with specificity and to use that discussion to gain a better understanding of war.3 These discussions are intellectually stimulating, but the purpose of this paper is to highlight the difficulty in transforming these broad topics of academic discussion into practical legal advice for those few practitioners advising commanders on the impact of law on operations. Military attorneys must translate academic and deeply theoretical discussions into concrete legal advice. That experience informs this article, which offers examples of how the practicalities of war may collide with the academic discourse, in the hope of informing and shaping the debate. The actual examples of capabilities and operations offered here highlight the practical issues involved in cyberspace operations, where attorneys are called upon to analyze operations under the existing legal regime regarding weapons, and the means and methods of war. Ultimately, this article concludes that treating all techniques as weapons is impractical. Rather, an assessment focusing on how a capability will be used in context, especially of the primary purpose of the capability, is more effective and consonant with international law. This approach will more clearly delineate attacks, and permit a separate discussion of the great majority of events - those that fall below the level of attack.What this paper does not do is discuss the difference between state-sponsored operations, including warfare and espionage, and crimes. Distinguishing between state uses of cyberspace, and the operations of criminal groups by examining the technical details of incidents is usually not possible. ultimately, this can only be determined by learning and assessing the motivation of the responsible party, and issues of agency and attribution may make this a near-impossible task. Agency is a particularly thorny problem. The keyboard operator may think he is merely part of a criminal enterprise stealing intellectual property or assisting in an extortion scheme, but the entity paying the bills could as easily be a government pursuing a national security agenda. …

Non-State Actors in Cyberspace Operations

Abstract The growing importance of cyberspace to modern society, and its increasing use as an arena for dispute, is becoming a national security concern for governments and armed forces globally. The special characteristics of cyberspace, such as its asymmetric nature, the lack of attribution, the low cost of entry, the legal ambiguity, and its role as an efficient medium for protest, crime, espionage and military aggression, makes it an attractive domain for nation-states as well as non-state actors in cyber conflict. This paper studies the various non-state actors who coexist in cyberspace, examines their motives and incitements, and analyzes how and when their objectives coincide with those of nation-states. Literature suggests that many nations are currently pursuing cyberwarfare capabilities, oftentimes by leveraging criminal organizations and irregular forces. Employment of such non-state actors as hacktivists, patriot hackers, and cybermilitia in state-on-state cyberspace operations has also proved to be a usable model for conducting cyberattacks. The paper concludes that cyberspace is emerging as a new tool for state power that will likely reshape future warfare. However, due to the lack of concrete cyberwarfare experience, and the limited encounters of legitimate cyberattacks, it is hard to precisely assess future effects, risks and potentials.

The Degrees of Force Exercised in the Cyber Battlespace

IntroductionEach instance of communication via the Internet depends on the transfer of confidential, readily available, and authenticated information. If this information is read, altered, or forged in any way, it jeopardizes the secure and safe operation of any service depending on the transfer of data. Thus, the exploitation of data can be leveraged in ways that can have devastating effects on modem societies. The problem with a networked society is that the international conventions on the use of force fail to sufficiently safeguard the world from the instability caused by computer attacks. This article seeks to remedy the situation by defining what kinds of actions carried out via computerized networks constitute a use of armed force or armed conflict.This article applies the existing Laws of Armed Conflict (LOAC) to three cases of computer-based attacks carried out by nation-states. In doing so, the aim is to highlight the legal limitations on actions that can be taken to respond to computer attacks. The first examination involves the wave of cyber attacks that precluded the 2008 South Ossetia War between Russia and Georgia. The second case addresses the United States' covert operation, codenamed Olympic Games. For this case, the analysis will be focused on the Stuxnet computer program. The third case utilizes LOAC to assess the acts of digital espionage carried out by the Chinese People's Liberation Army Unit 61398.Using LOAC as a legal rubric, the cases suggest that there are three distinct interpretations of computer-based operations. The case of the 2008 South Ossetia War constitutes a situation in which using computers to attack another country can be interpreted as a use of force and as an act of armed conflict. The Olympic Games operation reveals that a computer-based attack can be considered a use of force but not an act of armed conflict. The analysis of the actions of Unit 61398 shows a perspective on computer attacks that are neither a use of force nor an act of armed conflict. Each case expresses unique characteristics of operations in cyberspace. Therefore, in order to develop a legal understanding of these cases, the analysis favors an effects-based assessment of cyber attacks, pioneered by Michael Schmitt and expressed in the Tallinn Manual on the International Law Applicable to Cyber Warfare.* 1Developing a Legal Framework of Cyber Attacks Through an EffectsBased ApproachComputer-based attacks represent a subset of actions that can be described as information operations. Information operations (10) are defined as actions taken by the military in times of peace or war to affect adversary information and information systems while defending one's own information and information systems.2 Broadly speaking, 10 refers to radar jamming, psychological, and electronic means of carrying out operations. A subset of electronic 10 is called computer network operations (CNO). CNO are defined as operations to attack, deceive, degrade, disrupt, deny, exploit, and defend electronic information and infrastructure.3 Two sub-elements of CNO are attack and defense. Computer network attacks (CNA) are defined as actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers themselves.4 If the information within a computer that controls the water level in a nuclear power plant suffers any disruption to the information flow, it can have devastating physical effects.5 Each case presented in this article represents a form of CNA with its own unique effect. The effects highlighted by each case range from denial of service and theft of information to physical destruction.Due to the relatively new nature of state-sponsored international cyber attacks, this article addresses the existing body of international treaty law that includes the prohibitions on the use of force and self-defense as found in the United Nations Charter. …

ON THE OFFENSE: USING CYBER WEAPONS TO INFLUENCE COGNITIVE BEHAVIOR

There is an increasing recognition that cyber warfare is an important area of development for targeting and weaponeering, with far-reaching effects in national defense and economic security. The ability to conduct effective operations in cyberspace relies on a robust situational awareness of events occurring in both the physical and information domains, with an understanding of how they affect the cognitive domain of friendly, neutral, and adversary population sets. The dynamic nature of the battlefield complicates efforts to understand shifting adversary motivations and intentions. There are very few approaches, to date, that systematically evaluate the effects of the repertoire of cyber weapons on the cognitive, perceptual, and behavioral characteristics of the adversary. In this paper, we describe a software environment called Cognitive Cyber Weapon Selection Tool (CCWST) that simulates a scenario involving cyber weaponry. This tool provides the capabilities to test weapons which may induce behavioral state changes in the adversaries. CCWST provides the required situational awareness to the Cyber Information Operations (IO) planner to conduct intelligent weapon selection during weapon activation in order to induce the desired behavioral change in the perception of the adversary. Weapons designed to induce the cognitive state changes of deception, distraction, distrust and confusion were then tested empirically to evaluate the capabilities and expected cognitive state changes induced by these weapons. The results demonstrated that CCWST is a powerful environment within which to test and evaluate the impact of cyber weapons on influencing cognitive behavioral states during information processing. To cite this document: Preethi Vinayak Ponangi, Phani Kidambi, Dhananjai Rao, Narasimha Edala, Mary Fendley, Michael W. Haas, and S. Narayanan, On the offense: Using cyber weapons to influence cognitive behavior, International Journal of Cyber Society and Education, Vol. 5, No. 2, pp. 127-150, 2012. Permanent link to this document: http://dx.doi.org/10.7903/ijcse.1101

On the Spectrum of Cyberspace Operations

On the Spectrum of Cyberspace Operations

The need for education on phishing: a survey comparison of the UK and Qatar

PurposeThis paper seeks to focus on identifying the need for education to enhance awareness of the e‐mail phishing threat as the most effective way to reduce the risk of e‐mail phishing in one of the fastest growing economies in the world, the State of Qatar.Design/methodology/approachA survey comprising a questionnaire and interviews was used to investigate the awareness of phishing among Qatari citizens, their susceptibility to phishing and their views on the best method of defence against this attack, and this was compared to other developed nations, the UK in particular.FindingsThe paper concludes that phishing is becoming common and very successful because of people's susceptibility to such attack, largely due to insufficient awareness of the threat. Comparing Qatar with the UK, there were significant differences between responses in each country in most questionnaire variables, especially those identifying the vulnerability to phishing which was found to be very high in Qatar.Research limitations/implicationsThe paper shows that there is a particular need for education on phishing in this fast developing country.Practical implicationsThere is a growing threat in the use of phishing by hackers and some businesses to obtain information on individual users on the internet through e‐mail or the web. In some cases this has led to identity thefts and related illogical operations online both within and across countries. This paper has compared level of awareness of phishing in two countries and has the potential to shed light on attitudes and present status of e‐mail phishing with a view to developing ways of dealing with it and improving cyber security and international operations.Originality/valueThe paper adopts an innovative approach to study e‐mail phishing and compares results from two diverse countries. New ideas are advanced from the findings which are useful for understanding some operations in cyber space.

Application of International Law in Cyber Warfare Operations

In the not-so-distant future, a concerted ‘Cyber Attack’, effectuated via the Internet, could cause massive destruction to any society dependent on computer networks, especially in key target fields of transport, energy supply and communication infrastructures, leading to human casualties and serious destruction of property – reproducing the same, if not more, damage that would be caused by conventional armed attacks. Despite last decade’s abundant legal literature on the subject, not only is a clear and unambiguous international consensus regarding the legal status of Cyber Warfare Operations hitherto nonexistent, but also the views of international law scholars present a peculiarly high level of heterogeneity. Are Cyber Attacks prohibited under the non-use of force doctrine or permitted within the concept of self-defence? Are they even subject to the Law of War? In order to find answers to questions such as the aforementioned, various aspects of International Law will be applied, underlining the need for a reform of notions such as armed conflict, use of force and attack. This paper will attempt to ‘navigate’ through the ‘sea’ of multitudinous and farraginous papers written by lawyers from military, humanitarian and academic backgrounds, by dividing its corpus into the following distinct sections. In the first part, a delineation of the terms Cyberspace and Cyber Warfare Operations will be attempted, coupled with an examination of the various hacking techniques and the typology of potential attacks. Secondly, the jus ad bellum will be applied in Cyber Attacks with the goal of classifying them under the existing ‘costumes’ of ‘use of force’ and/or ‘aggression’. Their relationship with the concept of self-defence will be examined in a two-fold way. Is a Cyber Attack tantamount to an ‘armed attack’, in order to trigger the lawful right of self-defence, according to UN Charter article 51? And vice-versa, is it possible for self-defence to be waged in the form of a Cyber Attack? State responsibility will be subsequently addressed, using as a ‘compass’ the 2001 Draft Articles on State Responsibility and the relative jurisprudence by international tribunals. Thirdly, certain bedrock rules of the jus in bello will be applied in Cyber Attacks, concluding that the cardinal principles of distinction, humanity and proportionality are outdated albeit essential. Lastly, this paper will address the existing international treaty systems in the quest of determining a satisfactory framework under which Cyber Attacks can be regulated. Separate emphasis is to be laid upon on the need for the creation of a jus novum, specifically tailored to modulate this novel and multifaceted method of warfare.

An ontology‐based distributed whiteboard to determine legal responses to online cyber attacks

PurposeThis paper aims to assist investigators and attorneys addressing the legal aspects of cyber incidents, and allow them to determine the legality of a response to cyber attacks by using the Worldwide web securely.Design/methodology/approachDevelop a decision support legal whiteboard that graphically constructs legal arguments as a decision tree. The tree is constructed using a tree of questions and appending legal documents to substantiate the answers that are known to hold in anticipated legal challenges.FindingsThe tool allows participating group of attorneys to meet in cyberspace in real time and construct a legal argument graphically by using a decision tree. They can construct sub‐parts of the tree from their own legal domains. Because diverse legal domains use different nomenclatures, this tool provides the user the capability to index and search legal documents using a complex international legal ontology that goes beyond the traditional LexisNexis‐like legal databases. This ontology itself can be created using the tool from distributed locations.Originality/valueThis tool has been fine‐tuned through numerous interviews with attorneys teaching and practicing in the area of cyber crime, cyber espionage, and military operations in cyberspace. It can be used to guide forensic experts and law enforcement personnel during their active responses and off‐line examinations.