Cyber Warfare
eBook - ePub

Cyber Warfare

A Multidisciplinary Analysis

  1. 196 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

This book is a multi-disciplinary analysis of cyber warfare, featuring contributions by leading experts from a mixture of academic and professional backgrounds.

Cyber warfare, meaning interstate cyber aggression, is an increasingly important emerging phenomenon in international relations, with state-orchestrated (or apparently state-orchestrated) computer network attacks occurring in Estonia (2007), Georgia (2008) and Iran (2010). This method of waging warfare – given its potential to, for example, make planes fall from the sky or cause nuclear power plants to melt down – has the capacity to be as devastating as any conventional means of conducting armed conflict. Every state in the world now has a cyber-defence programme and over 120 states also have a cyber-attack programme.

While the amount of literature on cyber warfare is growing within disciplines, our understanding of the subject has been limited by a lack of cross-disciplinary engagement. In response, this book, drawn from the fields of computer science, military strategy, international law, political science and military ethics, provides a critical overview of cyber warfare for those approaching the topic from whatever angle. Chapters consider the emergence of the phenomenon of cyber warfare in international affairs; what cyber-attacks are from a technological standpoint; the extent to which cyber-attacks can be attributed to state actors; the strategic value and danger posed by cyber conflict; the legal regulation of cyber-attacks, both as international uses of force and as part of an on-going armed conflict, and the ethical implications of cyber warfare.

This book will be of great interest to students of cyber warfare, cyber security, military ethics, international law, security studies and IR in general.

Yes, you can access Cyber Warfare by James A. Green in PDF and/or ePUB format, as well as other popular books in Politics & International Relations and Military & Naval History. We have over one million books available in our catalogue for you to explore.

1 A short history of cyber warfare

Richard Stiennon
DOI: 10.4324/9781315761565-1

Introduction

This chapter weaves together two strands of history that provide an understanding of the rapid rise in cyber preparedness on the part of the military and government organisations of the developed world. The first of these strands relates to the fact that networked forces hold the promise of being able to pierce the fog of war in combat, an understanding that inspired the concept of a Revolution in Military Affairs (RMA) based on Network-centric Warfare (NCW). The roots of cyber warfare can be traced back to the development of radar and radio communication and the body of technology that became known as Electronic Warfare (EW), a category that has now been subsumed by cyber warfare. In the 1990s, states became increasingly aware of the potential value of cyber operations to the furtherance of the national interest in the military sphere. Equally, as the power of networking began to impact military manoeuvres (as illustrated by the rapid deployment of the US Sixth Fleet to the Straits of Taiwan in 1995) it became apparent that with networking came vulnerabilities that could be targeted to gain military advantage.
The second strand of history, along which the development of cyber warfare can be traced, therefore concerns the rise of cyber threats. The rise of global connectivity and the impact of the Internet on commerce, communication and social interaction, have made possible attacks that, even if not directed by states, served their purposes. The increased threat of cyber-attack has been a key driver for organisational change, investment and the development of cyber capabilities by other states.
The Distributed Denial of Service (DDoS) attacks against Estonia's infrastructure (combined with pro-Russia social unrest) in April 2007 and similar attacks against Georgia's networks in August 2008 (during the short war with Russia) are the two most prominent events that sparked the formation of cyber strategies and cyber militarisation around the world in response. The effective, if only short-term, disabling in 2010 of Iran's nuclear refining operations at Natanz by the Stuxnet virus program (which was allegedly a creation of American and Israeli intelligence services, and part of the US Operation ‘Olympic Games’) further ushered in the era of projection of force by cyber means.
Tracing this history requires a working definition of ‘cyber warfare’ to avoid confusion and to constrain the discussion to pertinent events and developments, as well as to confine the inevitable thoughts on how cyber warfare is shaping fighting forces, policy development and technology challenges. It is therefore worth here reiterating the definition of the concept set out in the Introduction to this volume:
Cyber warfare is an extension of policy by actions taken in cyberspace by state actors (or by non-state actors with significant state direction or support) that constitute a serious threat to another state's security, or an action of the same nature taken in response to a serious threat to a state's security (actual or perceived).
Reference to this definition will help to avoid confusion with the other uses of cyber-attacks, namely cybercrime and ‘hacktivism’, although both of these areas are inevitably intertwined with cyber warfare because the actors involved often support the aims of sovereign states or contribute technology and methodology that are adapted by the growing cyber operations within the military or intelligence operations of states. Indeed, the roots of ‘cyber warfare’ as defined in this book are inexorably intertwined with the growth of state-directed acts of cyber espionage (or at least, apparently state-directed acts – see Chapter 3 in this volume for discussion of the technical problems associated with attributing cyber-attacks conclusively to state actors, and Chapter 5 in relation to the particular problem of so attributing such actions legally). The first section of this chapter therefore necessarily considers the implications of interstate cyber espionage – as this underpins the birth of modern cyber warfare – before turning to ‘cyber warfare’ proper.
Creating and tracking the history of cyber warfare is complicated by the lack of temporal perspective. The task brings to mind how difficult it would be to write about the evolution of the use of the long bow by a contemporaneous researcher in the decades preceding the battle of Crecy. It can be argued that the impact of cyber operations on war fighting will be felt much more in the future than it has yet been in the past. In other words, cyber warfare is still in its infancy. Having said this, the rapid rise of cyber warfare, tracked over a period of less than two decades, still presents many interesting cases of step function increases in capabilities and impacts derived from computer and network attacks.
This chapter starts with one such step function, which can be seen as a key point in relation to the emergence of interstate cyber espionage and, thus, as a crucial reference point in the history of cyber warfare: the discovery of targeted cyber-attacks against US military laboratories in 2004, which were collectively given the code name ‘Titan Rain’. The chapter then considers the importance and impact of military academic thinking in China in the early 1990s, and examines a number of other crucial cyber-attacks (beyond Titan Rain) for which China was (at least said to be) responsible. The Military–Technical Revolution (MTR) promulgated by writers in Russia following the first Gulf War, and its development and expansion in the United States into the modern RMA, is then discussed. Next the chapter moves to a consideration of three key instances of cyber warfare ‘proper’ that have occurred in recent years: the attacks on Estonia (2007), Georgia (2008) and Iran (the Stuxnet infection of 2010). Finally, the chapter examines the modern rise of cyber commands – particularly in the United States, but also in various other states – a development that very much suggests that cyber warfare is now here to stay.

The growth of cyber espionage attacks and the role of China

Titan Rain

Shawn Carpenter was a network administrator at Sandia Labs in 2003 when he was called upon to help with a forensic analysis in a breach of another Lockheed Martin facility in Florida. He has attested to being highly influenced by Clifford Stoll's book, Cuckoo's Egg, on perhaps the first recorded incident of Soviet-sponsored hacking into a US research lab, that of Lawrence Berkeley National Laboratory, in 1986. It was in Florida that Carpenter got his first experience analysing a network-based attack. He found a file on a server in China that contained a complete network scan report of the US Army post of ‘Fort Dix’ (Joint Base McGuire–Dix–Lakehurst). By the spring of 2004 Carpenter was back at Sandia and detected signs that the same attackers he had researched in Florida were probing Sandia's networks. Against the direct instructions of his supervisor, he backtracked the attacks to servers in Asia, where he found hundreds of documents belonging to multiple US research and military facilities, including Fort Dix, the Redstone Arsenal, the Defense Contract Management Agency and even the World Bank. Working in his own time Carpenter eventually became a confidential informant for the FBI and was called on to research numerous ‘Advanced Persistent Threats’ (APTs) that were together given the code name ‘Titan Rain’.
Titan Rain can be viewed as a crucial point in the history of cyber warfare, because it had two important impacts. The first of these was a seminal article on Carpenter's experience that appeared in Time Magazine (Thornburgh, 2005). That article significantly raised public awareness of Chinese cyber espionage, and therefore the possibilities for, and threat of, cyber warfare ‘proper’. Second, the initial discovery of Titan Rain in Florida set Lockheed Martin on the path to developing its theories of the ‘Cyber Kill Chain’ and how to counter such targeted attacks. Lockheed's methodology, developed in response to continuous APT-style attacks, included the use of network monitoring and malware analysis to derive key indicators of compromise (IoCs) that would then be associated with named ‘campaigns’. Similar IoCs, such as domains, IP addresses, exploits and versions of malware, would indicate a high probability of association with the same threat actors. When a new action associated with some of those IoCs occurs, those actions are treated with extreme suspicion and can be investigated further. The Cyber Kill Chain is therefore a combination of methods to detect, degrade and deny, during the phases of an attack including reconnaissance, weaponisation and delivery, and its development has been a crucial step along the path towards better cyber security.
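The campaign-association step described above, sketched as an added example (not code from the book or from Lockheed Martin): a new observation is scored against the IoC sets of named campaigns and escalated when the overlap is strong. The campaign names, indicator values, weights and threshold are all constructed assumptions.

```python
# Constructed campaign records (not real indicators): campaign -> IoCs by type.
# Domains use .example and IPs use RFC 5737 documentation ranges.
CAMPAIGNS = {
    "CAMPAIGN-A": {
        "domain": {"update.mail-portal.example", "cdn.docs-share.example"},
        "ip": {"192.0.2.10", "192.0.2.44"},
        "malware_hash": {"constructed-hash-a1", "constructed-hash-a2"},
    },
    "CAMPAIGN-B": {
        "domain": {"login.hr-benefits.example"},
        "ip": {"198.51.100.7", "192.0.2.44"},
        "malware_hash": {"constructed-hash-b1"},
    },
}

# Assumed weights: how strongly one match of each type ties an event to a
# campaign. IPs score lowest because unrelated actors can share hosting.
WEIGHTS = {"malware_hash": 3, "domain": 2, "ip": 1}


def correlate(event, campaigns=CAMPAIGNS, weights=WEIGHTS):
    """Return [(campaign, score, matched_iocs)], highest score first."""
    results = []
    for name, iocs in campaigns.items():
        score, matched = 0, []
        for ioc_type, values in event.items():
            hits = set(values) & iocs.get(ioc_type, set())
            score += weights.get(ioc_type, 1) * len(hits)
            matched.extend(sorted((ioc_type, hit) for hit in hits))
        if score:
            results.append((name, score, matched))
    return sorted(results, key=lambda r: (-r[1], r[0]))


def triage(event, threshold=3):
    """Escalate when overlap with a known campaign reaches the threshold."""
    ranked = correlate(event)
    if not ranked:
        return "no-match"
    campaign, score, _ = ranked[0]
    return f"investigate:{campaign}" if score >= threshold else "weak-match"


if __name__ == "__main__":
    # Constructed observation: one known domain plus an IP seen in two campaigns.
    new_event = {"domain": ["cdn.docs-share.example"], "ip": ["192.0.2.44"]}
    for row in correlate(new_event):
        print(row)
    print(triage(new_event))
```

An IP address shared by two campaigns produces only a weak match on its own; it takes a second, campaign-specific indicator to push the event over the threshold.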

Chinese thinking on cyber warfare

Before exploring the evolution of cyber espionage in relation to other occurrences, beyond Titan Rain, it is necessary to first consider the development of thought on cyber warfare in the early 1990s – called information warfare (IW) at the time – and, particularly, early Chinese thinking on the subject. Most of the important theoretical advances in the potential uses of IW came from Chinese writers, and, as will be discussed below, the vast majority of advanced persistent threat (APT) attacks have seemingly since originated from China: Titan Rain was just the first notable example.
Chinese theoreticians have been considering the implications of IW since at least 1993. They were quick to adopt Soviet writing on technology and modern warfare, which stressed, generally, the desirability of precision-targeting of weapons and better command and control. However, the Chinese thinking on what turned into a large body of Western writing on the RMA particularly stressed the information warfare aspects of modern technology (see e.g. Wang, 1993; Zhu et al., 1994; Dai and Shen, 1996; Shen, 1997).
According to China researcher Timothy L. Thomas (author of Decoding the Virtual Dragon, 2007, a publication of the US Army's Foreign Military Studies Office), Dr Shen Weiguang is known in China as the father of IW theory. In 1995 Shen wrote an introductory article on IW for the PLA Daily Newspaper. In it he stated that the main target of IW is the enemy's cognitive and trust systems and the goal is to exert control over the enemy's actions.
Thomas discovered more interesting thinking in a 2004 article by General Xu Xiaoyan, the former head of the Communications Department of the Chinese General Staff. Xu dissects the realm of IW. At the granular level he pointed out the need for:
[n]etwork confrontation technology – intercepting, utilizing, corrupting, and damaging the enemy's information and using false information, viruses, and other means to sabotage normal information system functions through computer networks.
(Thomas, 2007: 66)
Thomas noted that ‘[i]f Xu's suggestions were accepted, then one might expect to see more active reconnaissance and intelligence activities on the part of the PLA [the People's Liberation Army, i.e. China's military] (as seems to be occurring!)’. This observation came hot on the heels of Titan Rain. However, the United States and other targets of Chinese cyber espionage initially did very little to counter these attacks (that is, until recently, as will be examined below).

Other notable instances of Chinese cyber espionage

While incidents of Chinese cyber espionage are numerous, there are several that particularly served to heighten awareness. Espionage is an important aspect of war fighting, especially in terms of intelligence, surveillance and reconnaissance (ISR). This is particularly the case in the context of cyber warfare, as the reconnaissance phase of cyber-attacks is becoming one of the most important. There is a growing body of evidence indicating that reconnaissance has an important role in cyber war fighting (see Chapter 2 of this volume for discussion of the reconnaissance phase of cyber-attacks). Several important attacks have been enumerated by various research firms and writers, and these will be discussed below.

GhostNet (2009)

The report of a botnet that appeared to be targeting diplomatic and NGO offices that are associated with the Dalai Lama's operations in Dharamsala, India was the first that documented a digital espionage network targeting diplomatic offices. Nart Villeneuve and Greg Walton of the research group SecDev were called in to investigate suspicious network and computer behaviour. Team members travelled to Dharamsala and discovered malware on multiple machines within the Dalai Lama's offices. That malware was sending information back to a command and control server (a process known as ‘beaconing’) that was not secure. This allowed the investigators to log in to the server and see the administrative console that identified the IP addresses of all of the machines in the botnet. They documented the machines as belonging to embassies, consulates and NGOs, all with a connection to southeast China and Tibet relations. The SecDev report on this ‘GhostNet’ operation found that:
[t]he investigation ultimately uncovered a network of over 1,295 infected hosts in 103 countries. Up to 30% of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, new...

Table of contents

  1. Cover
  2. Halftitle Page
  3. Routledge Studies
  4. Title Page
  5. Copyright Page
  6. Dedication
  7. Contents
  8. Illustrations
  9. Contributors
  10. Acknowledgments
  11. Abbreviations
  12. Introduction
  13. 1 A short history of cyber warfare
  14. 2 Understanding cyber-attacks
  15. 3 The attribution of cyber warfare
  16. 4 The strategic implications of cyber warfare
  17. 5 The regulation of cyber warfare under the jus ad bellum
  18. 6 The regulation of cyber warfare under the jus in bello
  19. 7 The relevance of the Just War Tradition to cyber warfare
  20. Index