eBook - ePub
The Decision to Attack
Military and Intelligence Cyber Decision-Making
Aaron Franklin Brantly, William Keller, Scott Jones
This is a test
Share book
- 248 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
The Decision to Attack
Military and Intelligence Cyber Decision-Making
Aaron Franklin Brantly, William Keller, Scott Jones
Book details
Book preview
Table of contents
Citations
About This Book
The debate over cyber technology has resulted in new considerations for national security operations. States find themselves in an increasingly interconnected world with a diverse threat spectrum and little understanding of how decisions are made within this amorphous domain.
With The Decision to Attack, Aaron Franklin Brantly investigates how states decide to employ cyber in military and intelligence operations against other states and how rational those decisions are. In his examination, Brantly contextualizes broader cyber decision-making processes into a systematic expected utilityârational choice approach to provide a mathematical understanding of the use of cyber weapons at the state level.
Discussed:
The Key Concepts of Cyber
The Motivation and Utility for Covert Action
Digital Power
Anonymity and Attribution in Cyberspace
Cyber and Conventional Operations:
The Dynamics of Conflict
Defining the Role of Intelligence in Cyberspace
How Actors Decide to Use Cyberâa Rational
Choice Approach
Cognitive Processes and Decision-Making
in Cyberspace
Finding Meaning in the Expected Utility of
International Cyber Conflict
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlegoâs features. The only differences are the price and subscription period: With the annual plan youâll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weâve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is The Decision to Attack an online PDF/ePUB?
Yes, you can access The Decision to Attack by Aaron Franklin Brantly, William Keller, Scott Jones in PDF and/or ePUB format, as well as other popular books in Politics & International Relations & International Relations. We have over one million books available in our catalogue for you to explore.
Information
CHAPTER 1
Introduction to Cyber Decision-Making
THE DEBATE OVER the importance of cyberspace has resulted in the consideration of a new domain of operation vital to national security. States find themselves in an increasingly interconnected world with a diverse threat spectrum and little understanding of how decisions are made within this amorphous domain. A great deal of ink has been spilled trying to define what cyberspace is, yet defining the domain itself is only partially helpful in trying to understand why states do what they do within the domain. This book examines whether states rationally decide to engage in offensive cyber operations against other states. To answer this question, many aspects of national security are scrutinized to determine what relevant attributes are associated with a rational decision to engage in offensive cyber operations. These attributes are contextualized into a systemic decision-making model predicated on rational expectations for utility. The book provides a framework within which to understand state decisions in cyberspace. The goals of this book are to facilitate a rigorous understanding of basic decision-making for offensive behavior within cyberspaces and to provide policy-makers with a foundation for constructing sound policies to address new and complex issues.
Is it really necessary to create an entirely new decision-making model for the cyber domain? The following chapters provide dozens of examples that establish how the cyber domain is distinct from more conventional domains of military and intelligence. What differentiates cyberspace from these other domains are four primary attributes. First, the cyber domain is man-made. Second, military capabilities across the other domains are managed through the cyber domain. Third, military and civilian aspects of the cyber domain are often intertwined and difficult to differentiate. Fourth, attribution within cyberspace is often difficult to assign. These attributes combine to create a novel domain of interaction necessitating a nuanced and rigorous decision-making model predicated on existing models for conventional state behavior.
To understand a decision it is necessary to establish an ontological foundation rooted in a fundamental nature of being. Decisions in cyberspace for the purposes of this book are rooted in a rational choice decision-making model based on Bruce Bueno de Mesquitaâs development of an expected utility theory of international conflict in which he maps out values of characteristics associated with the instigation of international conflict. The major argument contained within the subsequent chapters assumes that man and, by extension, states are rational entities. Hence the argument builds a rational actor model predicated on the assumption that nation-state cyber actors seek to achieve positive policy outcomes through the engagement of offensive operations with cyber weapons. Although the argument is rooted in a rational choice argument, it does digress in chapter 9 to present alternative cognitive approaches that might extend the debate on decisions relevant to cyberspace.
This introductory chapter has two main tasks: to outline what cyber is and why it is important, providing the reader with a framework within which to understand the topic for discussion; and to examine what conventional decision-making models have done and why they fail to account for the uniqueness of the cyber domain.
WHAT IS CYBERSPACE AND WHY IS IT IMPORTANT?
Cyberspace has a rich, albeit short, history. Begun as a project of the Advanced Research Projectâs Agency in the 1960s, it was designed to solve command and control issues arising out of the U.S.-Soviet arms race. Cyberspace is often traced to two creators, Vinton Cerf and Bob Kahn;1 however, the story of the evolution of this new domain is far more complex. Although these two pioneers in networking and TCP/IP (Transmission Control Protocol/Internet Protocol) established the protocols of the modern information renaissance, the roots of cyberspace are more accurately placed with Donald Davies, a researcher with Britainâs National Physical Laboratory, and Paul Baran, a Polish Ă©migrĂ© and researcher at RAND.2 The process of development from the early computing machines to something now recognizable as the modern Internet was a combined military and civilian effort fraught with bureaucracy, passion, and unexpected benefits along the way.3 What defines the Internet is not its intrinsic physical characteristics in the way that land is defined by its terrestrial nature, sea by vast amounts of water, and air by its fluid properties. Instead, the Internet is defined by the linking of computers and the creation of a virtual space that would evolve into a popular science fiction term coined in the 1980s as âCyberspace.â4
Computers, the basic unit of the cyber domain, run on simple coding forms constructed of 1s and 0s indicating the on and off of electrical impulses. Long chains of electrical impulses form commands. These commands are written in long blocks called code. Historically, coding was time consuming and difficult, often done on punch cards fed into machines. The difficulty of coding eventually gave rise to programming languages. These languages provided a simplified means of writing code. Coding languages are written in logical if-then statements that interact with one another. These statements are then built on top of one another into ever more complicated combinations forming firmware and software.5
Conceptually, firmware and software are directions or recipes for action that all return back to the distribution of electrical impulses within hardware.6 These impulses are incredibly fast and provide end users with a virtually seamless functional experience. However, without these impulses and the commands and the logical statements defining the commands, the computer, the fundamental particle of the cyber domain, is nothing more than a box of plastic and metal. The device is then similar to a rock: it cannot be given a verbal command or told what to do or have any existential meaning beyond its atomic structure, geoposition, mass, and volume.
The value of the cyber domain lies in its ability to create a virtual world from trillions of commands hopscotching around the world and interacting with one another in logically defined environments and in the ability of commands within digital environments to control devices. A computer is incapable of irrationality. Giving a computer competing logical statements can test the rationality of a computer. Most computer users have had this happen to them. Their computer freezes, or the mouse icon spins. The logical routine is stuck and cannot proceed.
The value of cyberspace is a reflection of connections to the systems of logic and is contained in its ability to store, interact, connect, and control. The power and danger of cyberspace is the relationship that information has with the world around it and the way in which users in a social environment access and manipulate or understand that information. Computers monitor the emergency systems of a nuclear power plant and alert operators and other systems connected to it whether core temperature is too high or too low. Information communications technologies known as industrial control systems (ICS) facilitate the safe and efficient operation of these plants. Similarly, computers often monitor where trains are within a subway system to prevent them from getting too close to one another or to alert them that a section of track is not functioning. When this code fails, as was the case in the Metro collision in Washington, D.C., in 2009, digital failure yields real-world pain.7 Cyberspace is valuable because it connectsâand controls and interacts withâaspects of our everyday lives. It is the interaction and the increasing dependence on cyberspace that influence its value.
Increasing connections cause the cyber domain to expand and increase its value. Whereas the value of land increases as it becomes scarcer or the content of that land is found to have items contained within it of value to the market, the value of cyberspace increases in a dynamic relationship with its connections. The growth in value is neither linear nor exponential; however, the value is inherent and can be easily understood.
Our lives, our hopes, and our existence in modern society are directly tied to the cyber world. We depend on magnetic strips on credit cards to feed and clothe us. We tote mobile lifelines, send e-mails, receive phone calls, and conduct commerce on electronic devices. Our bank accounts are numbers stored in computer databases, and the value of our life savings can be wiped away with a stroke of a keyboard. But beyond these modern inventions we are dependent on the electromagnetic spectrum to manage our power grids and the ordering systems that ensure our gas stations have fuel and our grocery stores have food. We donât have to plug ourselves into the matrix; we already live in it.
The domain is remarkably fragile when compared with conventional domains in that a disruption in the connections that link us to the domain can have a profound effect on our lives. It is very difficult to remove people from land without killing them, detaining them, and forcibly moving them. Land is static. People using the land must be moved to deny them access. The same is not true of cyber. To deny an individual access, all that is necessary is to turn off the power, cut the cord, or shut down an Internet service provider (ISP). Anyone who has ever tried to buy groceries during a blackout has found it extremely difficult without being in possession of previously procured hard currency, and even then most stores cannot conduct business without electricity, as their sales and inventory systems are dependent on digital connections. Not only can an individual not withdraw hard currency when the power is down, he or she cannot use a credit card to purchase goods. These connections sustain modern society and undergird the fabric of our everyday lives.
Much as the general public has become increasingly dependent on cyberspace and its increases in communications, efficiency, and general facilitation of activities in modern life, information communications technology has also dramatically altered the landscape of national security and created a revolution in military affairs.8
Cyberspace is important and dramatically affects our lives in many ways, but what is cyber? Franklin D. Kramer, Stuart H. Starr, and Larry K. Wentz acknowledge more than nineteen different definitions of cyberspace, giving a moving target, difficult to pin down.9 This book has settled on Dan Kuehlâs definition as the most encompassing of various agencies and author positions. Kuehl defines cyberspace as follows:
A global domain within the information environment whose distinctive and unique character is framed by the use of electronics and the electromagnetic spectrum to create, store, modify, exchange, and exploit information via interdependent and interconnected networks using information-communication technologies.10
The above definition is formal and difficult to fully digest. So before moving on it is necessary to deconstruct its component parts.
TABLE 1.1 Examples of Cyber-Controlled Instruments Pertinent to National Security
Satellites | Radio transmissions |
Drones | GPS |
Heads-up displays for pilots | Most modern avionics |
Communications technologies | Logistical coordination systems |
Intellipedia | Smart projectiles |
Electric grids | Power plants |
Banks | Stock exchanges |
All of the above items in some way make use of cyber for their operation. This table does not distinguish between public and private cyber domains.
Electronics: the branch of physics and technology concerned with the design of circuits using transistors and microchips, and with the behavior and movement of electrons in a semiconductor, conductor, vacuum, or gas.11
Electromagnetic Spectrum: the range of wavelengths or frequencies over which electromagnetic radiation extends.12
More simply, these two define the physical characteristics of the domain. The operational characteristics of this domain are defined by the creation, storage, modification, and exploitation of data (information). The target of operations or the asset within a domain is information. This information can be used to influence both intradomain operations (for example, how information is displayed or shared on a network) and extradomain operations, manipulating the output of an information process such as how a robot in a car manufacturing plant operates to place pieces together.
What is information? Information is a very broad concept best summarized for cyber as follows:
Information: Computing data as processed, stored, or transmitted by a computer.13
This definition hides the value the word itself contains. Data can be programs designed to operate factories, devices, power stations, and much more. But data can also be facts and figures about people, places, and things. Both types of data have value and often can be interoperable. One type is proactive in affecting digital processes; the other is static in that its value is determined by the user or consume...