Proceedings of a Workshop on Deterring Cyberattacks Informing Strategies and Developing Options for U.S. Policy (2010) / Chapter Skim
Currently Skimming:
A Framework for Thinking About Cyber Conflict and Cyber Deterrence with Possible Declaratory Policies for These Domains--Stephen J. Lukasik
A Framework for Thinking About Cyber Conflict and Cyber Deterrence with Possible Declaratory Policies for These Domains--Stephen J. Lukasik
Pages 99-122
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 99... ...
DETERRINg CybER ATTACkS The Role of Deterrence in Defense Against Cyber Attacks Defending against attacks includes actions during three periods. The pre-attack period is the most important, for it is here that deterrence can possibly be effective.
|
From page 100... ...
Deterrence, while attractive if one can pull it off, is not the only option open to a defender. The policy declarations proposed later address the full range of cyber defenses.
|
From page 101... ...
because of their flexibility, the absence of a state organization to put at risk, and the attractiveness of cyber force because of its low cost and likelihood of success. Cyber attacks are usually defined as software attacks, seen as arising from "outside" and to use the Internet or other network facilities to deliver attacker cyber force to the target.
|
From page 102... ...
National leaders may not even have a clear idea of the extent of the vulnerabilities of their computer networks. Cyber attacks can have results similar to those of psychological operations.
|
From page 103... ...
planning. To this end, it is illuminating to examine how one vocal sub-state group see the potential utility of cyber attacks.
|
From page 104... ...
The Islamic university al-Azhar in Cairo, the single most influential religious institution in the Sunni Muslim world, issued a fatwa in October 2008 approving cyber attacks against American and Israeli websites. "This is considered a type of lawful Jihad that helps Islam by paralyzing the information systems used by our enemies for their evil aims," read the fatwa.
|
From page 105... ...
Al-Qureishi describes four advantages of attacking over the Internet: cyber terrorist attacks can be conducted anonymously from a distance; the technology required is inexpensive; cyber attacks do not require exceptional skill; and few people are needed. His target list is from U.S.
|
From page 106... ...
24 Tsouli and his accomplices could have successfully combined their hacking skills A hacking primer he authored, "The Encyclopedia of Hacking the Zionist and Crusader Websites," is a popular download on the Electronic Mujahideen Network and other Jihadist websites. 25 An attack that combines conventional and cyberattack is an electromagnetic pulse weapon (EMP)
|
From page 107... ...
There are two steps involved. The first is to establish models of sub-state cyber attackers and from these compile a set of possible interventions that if imple mented and successful would result in substantial setbacks for attackers.
|
From page 108... ...
Talk depends on earned credibility, but execut able plans of action are real. Plans of action can also serve to establish the level of "forces" required, the feasibility of specific attacks, targeting doctrine, intelligence requirements, consequences of execution, training and exercises needed, "cyber force" deployments, global situation awareness, and a host of practical matters.
|
From page 109... ...
In practice, a "cyber attack" consists of transmitting software or data from one computer to another. The strategy and operational doctrines attending the exercise of cyber force have much in common with the corresponding concepts of kinetic conflict.
|
From page 110... ...
In this view, cyber force, and cyber conflict may be seen as preferable to conventional conflict by both attackers and targets. If this is the case, managing the CyCo firebreak may in the future take on the importance managing the CoN firebreak does currently.
|
From page 111... ...
In 2005 the Department of Homeland Security offered fifteen National Planning Scenarios for "plausible terrorist attacks and natural disasters that challenge the Nation's prevention and response capabilities." Four provide some calibration for what might be addressed by declaratory policies: deto nation of a 10 kT nuclear device; a major earthquake; a major hurricane; and a cyberattack. A commonly expressed concern in the cyber community is a "cyber Pearl Harbor." The 1997 report of the President's Commission on the Critical Infrastructure Protection referred to "cascading events" in what are believed to be unstable systems of systems.33 33 Critical Foundations: Protecting America's infrastructures, Report of the President's Commission on Critical Infrastructure Protec tion, The White House, October 1997.
|
From page 112... ...
What is needed to create long-lasting social and economic impacts from cyber attacks is to cause physical damage to large, expensive equipment for which spares are not available and for which manufacturing replacements is lengthy. This will be the case with damage to electrical generators, high voltage transformers, pumping stations, communication switches, routers, and server farms supporting information utilities such as cloud computing.
|
From page 113... ...
These may be situations that identify matters requiring both domestic and international efforts. Or they can take the form of a statement such as "The state supports X under condition Y." The following 11 possible declarations are suggested to encourage discussion of how declaratory policy might be employed in deterring cyber conflict.
|
From page 114... ...
systems that depend on these resources." 36 The declaration goes further, however, in that it declares open and unrestricted use of the public telecommunications facilities is a human right. This applies only to the public communication system, defined as the set of state-licensed carriers operating under the aegis of international communication agreements.
|
From page 115... ...
5. The distribution of malicious software is incompatible with the free and beneficial use of public international telecommunications facilities.
|
From page 116... ...
States shall assist in determining the origin of such malicious software when called upon by the state detect ing such software. This declaration relates to a characteristic of cyber attacks that is quite different from attacks employ ing conventional or nuclear force.
|
From page 117... ...
In one sense it says the obvious, that an attack of national significance will be taken for what it is, an attack by a sovereign state which will trig ger a justified self-defense response. What is a departure from current policy is that it puts cyber force in the category of force to which an armed response is justified.
|
From page 118... ...
Table 2 1 Protection of cyber R&D Technology aids defense as well as offense; proposes not to restrict it at this early stage in its development 2 Availability of public telecommunications Proposed as a human right for personal and economic benefits resources 3 Identity management Addresses the current anonymity on the public telecommunications network that defeats deterrence by impeding responses 4 Technical standards for network attachments Addresses the need for assurance that devices, when first connected to the public telecommunications network are free of malware 5 Ban malware distribution Malware is a cyber weapon that should be eliminated through actions by each of the states in the part of the Internet over which they have jurisdiction 6 Ban botnets Botnets are the cyber weapon delivery system that should be eliminated through actions by each of the states of the part of the Internet over which they have jurisdiction 7 No-harm-no-foul conflict termination Proposes a termination process that can be effective before the initiation of cyber conflict 8 Attribution of attacker Establishes right of a state to seek information relating to attack attribution and to hold complicit states used as transit for the attack 9 Enables early warning activities Provides a way to prevent damage pre-attack through preemption and trans-attack through damage limitation 10 Defines justification for self-defense against Establishes the circumstance under which a state can avail use of cyber force itself of its right to self-defense 11 Adjudication mechanism Requires a process for the investigation and settlement of claims
|
From page 119... ...
Table 3 Declaration Verifiable Reciprocal Robust Consistent 1 Protection of cyber R&D Y Y Y Y 2 Availability of telecommunications resources Y Y Y Y 3 Identity management Y N N Y 4 Technical standards of network attachments Y Y N Y 5 Ban malware distribution Y N Y Y 6 Ban botnets Y N Y Y 7 No-harm-no-foul conflict termination N N Y Y 8 Attribution of attacker Y N Y Y 9 Enabling early warning activities Y N N Y 10 Self-defense against cyber force Y N Y Y 11 Dispute resolution Y Y Y Y
|
From page 120... ...
Cyber attacks are not simply to be seen as the equivalent of strategic bombing without aircraft or missiles. An important element of cyber defense will be real-time control of network connectivity.
|
From page 121... ...
37 The full-text can be found in Stephen J Lukasik and Rebecca Givner-Forbes, "Deterring the Use of Cyber Force," December 14, 2009.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.