Shaping the Future Battlespace: Offensive Cyber Warfare Tools for the Planner
Abstract
This article is written as an element of future war analysis conducted at the US Marine Corps School of Advanced Warfighting and uses primarily US doctrine and concepts relating to cyberspace. Such concepts may not correlate specifically to those used by the Australian Defence Force (ADF) or Australian Army, as open source US military perspectives on cyberspace consider both defensive and offensive aspects, while Australia generally provides only a defensive view. However, this article aims to provide a baseline perspective on offensive cyberspace for all planners and commanders, largely drawn from US research, but with application for the conduct of future land and joint warfare across the globe.
Rarely has something been so important and so talked about with less clarity and less apparent understanding than this phenomenon.2
- General Hayden, Director US National Security Agency and Commander US Cyber Command, speaking on cyber war development in 2011
Introduction
What does cyberspace offer strategists in the conduct of future war? This is a critical question that requires an equally critical answer. All too often planners and commanders become entangled with the tactical details of cyber — the ‘ones and zeros’ — without considering more enduring concepts for operational employment. Cyberspace also poses many legal and policy dilemmas for military commanders, particularly in relation to offensive employment. Such dilemmas in the context of land warfare may prevent full employment of all available capabilities by commanders and therefore risk the loss of tactical or operational advantage in war.
The characteristics of future cyberspace operations are likely to provide military planners with unique battlespace-shaping tools including cyber-reconnaissance, cyber-isolation and cyber-strike. If these tools are employed in conjunction with other warfighting functions, aligned with appropriate strategy and developed by planners and cyber specialists working together, the conduct of future campaigns will be significantly enhanced.
This article describes the unique characteristics of cyberspace operations that have been exploited in recent years and that have proven highly relevant to planners, including attribution, time, speed, risk, and precision. Examples cited in support of this discussion will highlight the emerging operational shaping tools of cyber-reconnaissance, isolation and strike, all of which have clear future application. Finally, planning considerations will be proposed for the employment of these tools at the strategic and operational levels of war.
Current understanding of cyberspace
The United States (US) government has emphasised the role of cyberspace as a domain of warfighting, highlighting the critical nature of cyberspace for military operations.3 US military doctrine defines cyberspace as:
A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.4
Threats
Cyber threats are presently categorised as those originating from non-nation state groups; those from nation states; and physical threats to networks.5 According to the US Director of National Intelligence, cyber threats broadly consist of cyber-espionage (accessing sensitive information) and cyber-attack (a non-kinetic offensive operation intended to create physical effects or to manipulate, disrupt or delete data).6
Conceptual
The conceptual understanding of cyberspace is currently progressing along two broad lines — defensive and offensive cyber. Defensive cyber is aimed at disrupting cyber attacks focused on gaining access to information and friendly systems and receives considerable attention. The employment of defensive cyber has been the impetus for establishing organisations such as US Cyber Command and the Australian Cyber Security Centre.7 Offensive cyber, while less developed, has two broad aims: response to cyber attacks and the conduct of proactive virtual activities to enable military operations.8
The US defines offensive cyber operations as:
… the creation of various enabling and attack effects in cyberspace, to meet or support national and combatant commanders’ objectives and to actively defend DOD or other information networks, as directed.9
Based on this definition offensive cyber operations can be ‘active defence’ and/or ‘enabling and attack effects’. ‘Active defence’ is already well developed given its close alignment to defensive cyber. The same cannot be said for ‘enabling and attack effects’ in offensive cyber. Details of this aspect of offensive cyber are closely guarded in terms of classification, sensitivity and authorisation for use.
Offensive cyber requires significant reconnaissance, resources and skilled personnel to craft weapons to exploit an enemy system’s weaknesses. Yet enabling and attack effects could be extremely useful for military planners if suitable cyber tools were available.
Observations on recent cyber operations
Reconnaissance
In 2003 security forces around the world detected the theft of information from a range of targeted nations, allegedly by the Chinese, under the codenames of TITAN RAIN and NIGHT DRAGON.10 It was unclear at the time how the stolen information would be used and whether it had been stored for use at a later stage. What was clear, however, is that this was an unmistakable example of reconnaissance conducted in the realm of cyberspace.
The conduct of general reconnaissance is necessary to understand an adversary.11 The conduct of cyber-reconnaissance is necessary to assess an adversary’s network or system, the system’s weaknesses, its defence mechanism and who is operating in the system. For the operational planner, knowing what is occurring inside the enemy’s computer systems is a vital enabler that should be exploited.
The activities allegedly conducted by the Chinese and other nation states have been labelled ‘advanced persistent threats’ (APT) by security organisations.12 APT describes high-end state-sponsored cyber attacks that are the product of many months or years of cyber-reconnaissance. Recent security analysis of attack trends suggests that these systems are designed to gain and maintain access to targeted systems to steal information and use that information for national objectives.13 One particular characteristic of these systems is the ability of organisations to maintain access to the targeted system so as to return at a later date to obtain additional data — and to do this while remaining undetected by the target.14 Such reconnaissance has usually involved a group or an individual gaining access to protected information. The application of cyber-reconnaissance in a military context therefore has great value in assessing the vulnerabilities in an adversary’s use of computers both during peace and in times of war.
The conduct of cyber-reconnaissance of Syrian networks, as a component of the 2007 Israeli Defense Forces (IDF) Operation Orchard (bombing of a suspected nuclear site), identified a number of exploitable weaknesses. Identification of these weaknesses enabled the alleged employment by the IDF of a sophisticated computer code to control adversary air defence systems, deceiving radar operators as to the true air threat picture. The action enabled by this cyber-reconnaissance effectively neutralised the Syrian air defence, allowing the safe passage of IDF strike aircraft.15 The employment of deception and information alteration within the adversary system shaped Operation Orchard and provides an excellent example of successful cyber-reconnaissance.
The alleged activities of China and Israel illustrate the five characteristics of cyber-reconnaissance. The first characteristic is that the nature of cyber-reconnaissance is subtly different from traditional reconnaissance:
… the nature of the reconnaissance is not simply to observe and report. The real purpose of cyberspace reconnaissance has a more scientific bent — to examine a logical structure and determine its flaws, either by observation or by experimentation.16
Second, it is extremely difficult to determine who is conducting cyber-reconnaissance and therefore who is a potential adversary. Attribution of APT to nations such as China cannot be conclusively proven due to internet routing, employment of multiple servers around the globe and the absence of any official claim of responsibility.17 Third, accessing a target system through cyber-reconnaissance takes time to develop and gaining access requires specialised skill-sets. Fourth, cyber-reconnaissance can provide unique insight into an adversary that may be cheaper, less risky and unobtainable from other intelligence sources.
Using information gleaned through cyber-reconnaissance, however, is a double-edged sword; if you act on the information collected you may lose access to the systems you invested time and resources to infiltrate. The use of ULTRA communication intercepts during World War II represents one example of weighing the costs against the benefits of acting on information sourced during cyber-like reconnaissance.18 The Allied ability to read coded German communication during the war was of immense value to planners and commanders, but decisions had to be made on how best to employ that knowledge without compromising its source. ULTRA provided significant support to deception operations, detailed awareness of German orders of battle and intentions (resulting in accurate assessments of capabilities), and had a profound influence on Allied strategy. However that information was not always complete, as enemy actions demonstrated, necessitating supplementation by other forms of intelligence.19 Cyber-reconnaissance is likely to provide similar functions to future planners.
Fifth and finally, the constant and increasing use of cyber systems by militaries and communities provides more opportunities for information exploitation through the gathering of cyber intelligence that can shape and influence the conduct of operations.20 Military planners of the future must consider the use of cyber-reconnaissance as a tool that will complement the shaping of a military operation.
Isolation
Three weeks prior to the Russian incursion into Georgia in August 2008 pro-Russian cyber-hackers allegedly overloaded the Georgian internet service providers, defaced Georgian government websites with anti-Georgian propaganda and conducted distributed denial of service attacks on government and media websites.21 Georgia’s ‘cyber’ utilities were being isolated and targeted in preparation for what was to come as part of the Five Day War. At the commencement of Russian land operations in Georgia, hacking continued with the list of targets increasing to include financial, business, educational and western media outlets. Russian hackers reportedly isolated media and government communication sites in the specific areas in which military attacks were to take place.22 At the same time cyber attacks on infrastructure that would have caused injury or mass chaos in Georgia were restricted. The effect of these actions was to isolate both the Georgian government and people from internal and external communication.23 By exploiting this isolation, the Russian government was able to significantly degrade the Georgian government’s credibility with its people and the outside world.24 Ultimately, Russian cyber operations assisted the Russian military to achieve its strategic goals in Georgia.
According to Hollis, the Five Day War represents the first case of cyber attack coordinated with other military operations.25 Reviewing the conduct of cyber manoeuvres during this war provides useful insight into future applications.
The first step may comprise the isolation in cyberspace of a military objective or operating area as a preliminary to land operations. Such isolation can include the denial of official internet services, disruption of cyber systems in an adversary network, and the denial of internet communication to outside third parties. Cyber-isolation would be particularly useful during the decisive phases of an operation in which limiting or disrupting enemy communication networks domestically and internationally may contribute to achieving military objectives. A ‘comparative inconvenience’ (isolation) was created through the disruption of banking systems, mobile telephone communication and internet access in Georgia. In addition, such isolation could alter and even damage strategic alliances.
Given the interconnected nature of cyberspace, the electronic isolation of an entire nation or even a significant portion of a nation, could create second and third order effects in other nations drawing other unwanted combatants into the conflict. Additional follow-on effects relating to cyber isolation may include the dissemination of cyber weapons outside the control of the owner, particularly given the pervasiveness of the internet, and lead to potentially undesired escalation. Identity obscuration of the cyber-attacker may also cause unintended intensification of the conflict.26 Alternatively, the same isolation could fracture an alliance before combat operations commenced, the cyber attack acting as a useful shaping action for the adversary.
Second, narrative manipulation evident through the disruption of media communication can influence the international community’s attitude to the conflict. Many media outlets use global hubs for dissemination of material through systems using nodes exploitable through the internet. Reliance on such communication systems, even satellites, is open to disruption and denial and could offer an opportunity for manipulation of the narrative of a conflict. Such manipulation could be swayed towards particular strategic messages that support the attainment of friendly or adversary goals. An example of this type of activity is the conduct of cyber actions during the conflict between Hezbollah and Israel from 2006. Both sides of the conflict conducted aggressive manipulation of social media sites, public geospatial applications (such as Google Earth) and websites to influence international and domestic opinion and attitudes.27
Manipulation of the narrative surrounding a conflict can be effected through exploitation of social media, online content and available media websites. This is potentially a very powerful cyber-shaping activity involving the full range of information operations and cyber capabilities to weaken or disrupt social understanding of a conflict. Planners could then design directed messaging to local inhabitants without enemy command influence. This element is likely to develop as a trend in future conflict given the increasingly numerous personal digital devices connected to the internet.28
Third, cyber-blockades could contribute to the disruption of the economic infrastructure of an objective area. Such blockades could be designed akin to naval blockades but focus on the neutralisation of adversary financial conduits across cyberspace, economic trade across the internet and denial of those services that use electronic systems. While this occurred for a short period of time during the Five Day War, it could be designed by planners to last for a longer period and be used in conjunction with physical blockades of land and sea entry points.
However such actions would require significant resources to be effective and would have many follow-on effects across the globe. Effects could include mistrust of global financial systems causing economic disruption outside the conflict zone, and retaliatory cyber-attacks against offenders.
To support cyber-blockades, physical attack on internet conduits could also be undertaken. There are currently a number of digital ‘choke points’ for the transfer of internet communication through undersea cable, still the dominant medium for internet traffic globally.29 These digital choke points could become the focus of physical attacks or disruption by a determined adversary. Efforts to physically disrupt digital choke points have occurred as recently as early 2013. Egyptian authorities in March 2013 detained a number of saboteurs attempting to cut the undersea internet cable at Alexandria connecting North Africa–Asia to Europe.30
Finally, in conjunction with cyber-reconnaissance, adversary cyber systems can be isolated to disrupt and corrupt the decision-making process. Degrading or modifying information that enemy decision-makers rely on can ultimately reduce the integrity of the systems and either impede operations or force the adversary to use much slower forms of command and control.
Preceded by and used in conjunction with cyber-reconnaissance, cyber-isolation, synchronised with other military operations, could be a powerful tool for future military planners. Likewise, the conduct of cyber-enabled strikes that cause physical damage offers much potential for future planners.
Strike
According to some analysts, the Stuxnet attack of 2010 was a ‘game changer’ in the realm of cyber operations. Stuxnet was a sophisticated computer virus allegedly created by either the US or Israel to attack Iranian nuclear facilities.31 Specifically the worm, discovered in June 2010, was designed to survey and then subvert very specific industrial controls relating to supervisory control and data acquisition (SCADA) systems that monitored industrial nuclear processes. A cyber-strike was conducted through a precise insertion of the virus.
The aim of Stuxnet was to destroy centrifuges used in Iran’s nuclear program by disrupting the SCADA system that controls and monitors the delicate processes within uranium enrichment machines.32 Essentially, the virus was designed to cause centrifuges to spin out of control, causing damage that disrupted the enrichment of uranium.33 Significantly with Stuxnet, the virus was designed as malware to achieve a real-world outcome — physical destruction. This physical destruction has never previously appeared as a feature of a computer virus attack.34
The virus was also able to circumvent what is known as a closed network through its ability to spread via peripheral devices. A closed network in cyberspace terms is a system not usually connected to the internet and one that is often protected by various physical security measures such as personnel access controls, guards and physical barriers. Examples of closed networks include highly classified military networks such as those used by Australia, particularly relevant for military planners when considering adversary cyber systems.
The Stuxnet case study provides four learning points concerning the act of cyber-strike. First, a virus to be used in cyber-strike needs to be sophisticated and precise.
The Stuxnet code was intricate and could selectively attack very specific industrial systems. A precise virus can only be developed through extensive cyber-reconnaissance of the target system prior to launching the attack. Precision viruses such as Stuxnet suggest to planners an ability to conduct targeted strikes against enemy facilities that may be more readily available in the future. Alternatively, planners could employ focused attacks against enemy command and control nodes or against other electronic systems that manage logistics, fuel or operations in support of other traditional military actions.
Second, Stuxnet was assessed as requiring significant time to design and build.35 Lead-time in development is an important factor to consider in the use of cyber weapons, specifically in relation to knowledge of adversary computer and defence systems. Such knowledge comes not only from cyber-reconnaissance but also from traditional intelligence collection and analysis.
A third lesson is that a closed network is never really ‘closed’. Stuxnet’s ability to strike a closed network undermined a long-held assumption that closed networks were generally more secure than open ones connected to the internet. In effect Stuxnet, through its design and employment, was able to circumvent some of the physical security barriers put in place to protect the targeted systems. Stuxnet’s designers exploited the fact that eventually a closed system has to be managed by humans and connected to a device (such as a laptop computer) that has most likely had contact with the internet. Despite security procedures in place, even highly classified military systems often exhibit such vulnerabilities and are therefore open to exploitation.36 One reaction to viruses such as Stuxnet is to significantly restrict and secure the vulnerabilities they exploited, limiting future use.
The US military, however, continues to experiment with developing a means to replicate viruses such as Stuxnet that operate without physical connections to the closed system. The US Navy is reportedly developing airborne electronic warfare systems that will be able to ‘fire’ malicious codes into closed adversary networks from up to 200 miles away.37 In a similar fashion the US Army is reportedly experimenting with techniques to insert and extract data from sealed or wired networks from a stand-off distance. Such technology has been termed ‘electronic warfare-enabled cyber’ and attempts to transmit code via radio signals into targeted computer systems.38 The potential for such weapon systems to be used in future conflict to build on the capabilities demonstrated by Stuxnet and with the capacity to enable stand-off disruption to enemy networks is significant. In effect, Stuxnet derivative future weapons are likely to negate specific modern physical defensive systems and security measures.
The final learning point observed in the Stuxnet case study focuses on the timing of cyber-strike. In most cases, cyber-strike weapons will be a ‘one-shot’ capability. Given that malicious code or viruses are developed based on the targeting of vulnerabilities in the system (either virtual or physical), once the weapon is employed, the same vulnerabilities will be realised and secured, probably preventing the cyber weapon’s future use. This contrasts with the employment of more traditional weapon systems that often retain their utility throughout a campaign.39 Of course, if the cyber-strike is timed for specific effects, one strike may be all that is required. In the use of these weapons, timing in employment is everything. Weapons such as Stuxnet or similar capabilities as illustrated in Operation Orchard have a ‘silver bullet’ capability — limited in application, but highly devastating against the right target. Employment of a warfighting tool in this manner will require focused analysis of adversary reactions and high levels of synchronisation with other warfighting functions.
This brief analysis of recent case studies has provided strong indications that cyber-reconnaissance, cyber-isolation and cyber-strike will emerge as future shaping tools for planners.
Considerations for the planner in the use of future cyber tools
Cyber-reconnaissance
Deciding on whether to exploit the advantage gained through cyber-reconnaissance is a key consideration for military planners. Should the knowledge sourced through reconnaissance support the launching of a spectacular surprise attack, or a pre-emptive disruption of an opponent’s cyber system(s)? Or will the loss of access to the opponent’s system with the employment of countermeasures be too costly to future military plans? Military planners must decide if and when to strike and be prepared to accept a potential loss in capability or access to the adversary cyber system. Such decisions should be based on strategic guidance that includes calculation of risk. Guidance that informs planners should determine whether an offensive or defensive strategy is required — each of these will have different implications for cyber warfare.
Strategic offense should rapidly gain surprise and overwhelm an adversary, but strategic defence may afford early warning through the provision of intelligence gained through analysing the effects of an adversary attack on friendly systems. In general terms, retaining the advantage generated by cyber-reconnaissance favours the strategic defence. A defensive strategy generally provides a decision-maker with the ability to detect an adversary’s actions and respond accordingly, assuming that sufficient intelligence is available. Such a strategy is particularly useful during the preliminary stages of conflict. However the conduct of offensive cyber actions within a defensive strategy, encapsulated in the idea of a counter-attack, should be a key component of any strategic defensive strategy that employs cyberspace capabilities.
The use of other intelligence disciplines, maintenance of strict operational security and appropriate cyber and physical defensive systems will assist in determining when to employ cyber-reconnaissance. Assessing which option to select and whether a risk is worth taking based on cyber-reconnaissance effects is a basic cost benefit or intelligence loss-gain equation.
Cyber-isolation
Following adequate cyber-reconnaissance, isolation of an objective by planners may also be an operational goal. The decision to conduct cyber-isolation can be taken for tactical or strategic reasons. Tactically isolating an objective may involve the local disruption of internet access or specific denial of services to cyber systems for a short period of time. Planners could ask for specific effects, such as ‘turning the lights off in a particular city at 0321 hours’ and specialists could design cyber weapons to achieve such an effect. The actions of the adversary in response to the isolation can highlight other vulnerabilities that planners should anticipate and exploit.
At the strategic and operational level, isolation is likely to involve the strangling of an area, state or organisation for a longer period of time. Isolation could be focused on affecting the nature of a cyber system, but it is most likely that isolation will be part of a synchronised national power campaign which includes other traditional warfighting functions, diplomatic activities, economic actions and particularly information capabilities. Conflicts involving graduated escalation of force to coerce an opponent could use cyber-isolation techniques such as cyber-blockades, denial of services, and narrative manipulation.
Cyber-isolation could also be used effectively to disrupt adversary alliances. Alliances can enhance the strength of a potential adversary, often creating multiple fronts of conflict. Cyber-isolation employed against one ally could dissuade it from participating in a future conflict or during the preliminary stages of war, thus reducing the number of fronts. This is particularly relevant when international or regional consensus is required to support a conflict or when a smaller adversary requires the assistance of a larger ally. Cyber-isolation could fracture an alliance by generating higher than anticipated costs to a partner through impact on communication, economic or physical infrastructures.
Isolation of an ally combined with deception actions through cyber could also prove a useful component in future campaigns. Cyber-isolation could achieve a level of surprise in terms of strategic attack timings and locations. In addition, the conduct of deception and, importantly, measuring deception effects — often observed through enemy command and control reactions — could be significantly enhanced with the use of synchronised cyber operations.
Cyber-strike
Cyber-strike should be employed sparingly given the time it takes to develop a virus that is precise, guided and sophisticated. In some cases the cost of developing and employing a cyber-strike weapon may not be worth the outlay of time and resources. In other cases cyber-reconnaissance may reveal that there are fewer vulnerabilities to exploit using cyber than planners anticipated. Adversary counter-action capabilities and intentions must also factor in any decision to employ cyber-strike weapons, as should potential follow-on effects.
Significant risk assessment is also required prior to cyber-strike employment, not unlike that for kinetic strike operations. Risk assessment is required to judge collateral damage, second and third order effects and likely adversary reactions. Cyber-strike can and should be employed to achieve initial offensive advantage to disrupt command, control and intelligence systems during the opening stages of an offensive, or to confuse and misdirect an opponent’s reactions as part of a deception plan. An adversary’s critical infrastructure could also be targeted using cyber-strike to disrupt essential services to civilians and deny supporting assets to militaries in conjunction with other military actions.
Planners and specialists
The employment of the three cyber-shaping tools in a military operation will provide an edge over potential adversaries. To maximise these effects, planners and cyber-specialists, both those designing and crafting the cyber weapons and their managers, need to maintain constant dialogue. This dialogue is vital to reach a shared understanding of the problem and likely solutions, and is best achieved through the presence of cyber specialists within planning teams and deployed headquarters. Guided by this shared understanding, cyber specialists can then provide optimum support to planners and ensure that they are in a position to leverage the most from what cyberspace can offer the warfighter.
Conclusion
As military forces across the globe wrestle with the impact of cyberspace and a vastly more digitally connected battlespace, planners of the future will require a sound understanding of cyberspace and what it can offer commanders to support military success. Success for planners at the operational level will involve the articulation and execution of operations and campaigns that achieve the goals and political objectives set for them. Current and future developments in cyberspace offer planners a number of tools to assist in the crafting of successful designs through shaping of the battlespace. The cyber-shaping tools described in this article provide a broad approach to maximising the unique characteristics of cyberspace. As future adversaries continue to explore more technical and digitally connected means, the demonstrated characteristics of cyberspace operations will provide military planners with unique battlespace-shaping tools, including cyber-reconnaissance, isolation and strike that can significantly enhance the future conduct of warfighting.
Endnotes
1 This article is based on a future war paper submitted in partial fulfillment of the requirements for the degree of Master of Operational Studies from the US Marine Corps School of Advanced Warfighting, and is published with permission of the US Marine Corps University.
2 M.V. Hayden, ‘The Future of Things “Cyber”’, Strategic Studies Quarterly, Vol. 5, No. 1, Spring 2011, p. 3.
3 United States Department of Defense, Department of Defense Strategy for Operating in Cyberspace, Department of Defense, Washington DC, July 2011, p. 5.
4 United States Department of Defense, Joint Publication 1-02 Dictionary of Military and Associated Terms, Department of Defense, Washington DC, 15 May 2011, p. 93.
5 United States Cyber Command, Tri-fold Information Booklet Version 13, US DoD Cybersecurity Website, October 2010, at: http://www.defense.gov/home/features/2010/0410_cybersec/ (accessed 5 January 2013).
6 J.R. Clapper, ‘Worldwide Threat Assessment of the US Intelligence Community,’ Statement for the Record to Senate Select Committee on Intelligence, 12 March 2013, p. 1.
7 US Cyber Command was established at full operating capability in October 2010. United States Government Accountability Office, ‘Defense Department Cyber Efforts – More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities’, GAO-11-421 Report to Congressional Requesters, May 2011, p. 5; Defence News, ‘Australian cyber security centre to be established’, Australian Defence Force Website, 24 January 2013 at: http://www.defence.gov.au/defencenews/stories/2013/jan/0124.htm (accessed 1 August 2013).
8 One reason for a lack of clarity on this line of discussion is the pace of development of threats and countermeasures in cyberspace, coupled with the highly classified and sensitive nature of offensive cyberspace capabilities. Author’s own assessment based on interviews with US CYBERCOMD personnel, November 2012.
9 United States Government Accountability Office, p. 5.
10 McAfee, ‘Global Energy Cyberattacks: “Night Dragon”’, White Paper, McAfee Foundstone Professional Services and McAfee Labs, 10 February 2011, p. 4; Nathan Thornburgh, ‘Invasion of the Chinese Cyberspies’, Time Magazine, 29 August 2005, pp. 2–5, at: http://www.time.com/time/magazine/article/0,9171,1098961-4,00.html (accessed 1 April 2013). The latter article discusses TITAN RAIN operations in detail, including the quantity and type of information obtained through cyber-espionage.
11 United States Department of Defense, Joint Publication 1-02, p. 305.
12 B. Krekel, ‘Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation’, US-China Economic and Security Review Commission, Northrop Grumman Corporation, McLean, VA, 9 October 2009; M. Mandiant, ‘Trends Report: The Advanced Persistent Threat’ (January 2010), at: http://www.mandiant.com/ (accessed 20 February 2013).
13 P. Singer, ‘The Future of National Security, By the Numbers’, Brookings Institute article, May 2011, at: http://www.brookings.edu/research/articles/2011/05/national-security-si… (accessed 20 February 2013).
14 Mandiant, ‘APT 1 – Exposing One of China’s Cyber Espionage Units’ (February 2013), at: http://www.mandiant.com/ (accessed 20 February 2013). Security analysis of APT reconnaissance and attacks provides a model of cyber-reconnaissance and attack. This model in many respects mirrors that of enduring national intelligence targeting models that aim to gain and maintain access to a source of intelligence (author’s own assessment).
15 J.A. Lewis, ‘Cybersecurity: Assessing the Immediate Threat to the United States’, Statement before the House Oversight and Government Reform Committee, Center for Strategic and International Studies, 25 May 2011, p. 1, at: http://csis.org/files/ts110525_lewis.pdf (accessed 2 December 2012); John A. Tirpak, ‘The Syria Question’, Air Force Magazine, Vol. 96, No. 3, March 2013, p. 30.
16 M.C. Libicki, ‘Cyber War is Not a Warfighting Domain’, A Journal of Law and Policy for the Information Society, Vol. 8, No. 2, Fall 2012, p. 330.
17 R. Deibert and R. Rohozinski, ‘Tracking GhostNet – Investigating a Cyber Espionage Network’, Information Warfare Monitor, 29 March 2009, p. 4, at: http://infowar-monitor-net/ghostnet (accessed 18 January 2013).
18 A brief but useful overview on the background and employment of ULTRA and other Allied signals intelligence during World War II is provided in Jeffrey T. Richelson, A Century of Spies – Intelligence in the Twentieth Century, Oxford University Press, UK, 1995, pp. 173–97.
19 H.C. Deutsch, ‘The Influence of ULTRA on World War II’, Parameters, Journal of US Army War College, Vol. 3, No. 5, December 1978, p. 10.
20 M. Zappa, ‘Envisioning Technology for 2012 and Beyond’, Infographic, Envision Technology, 25 February 2012, p. 1.
21 P. Shakarian, ‘The 2008 Russian Cyber Campaign Against Georgia’, Military Review, November-December 2011, p. 64.
22 J. Bumgarner and S. Borg, ‘Overview by the US-CCU of the Cyber Campaign against Georgia in August of 2008’, US Cyber Consequences Unit Special Report, Washington DC, August 2009, pp. 5–7.
23 R.M. Crowell, War in the Information Age: A Primer for Cyberspace Operations in 21st Century Warfare, Naval War College Academic Paper, Newport, RI, 2010, p. 14.
24 D. Hollis, ‘Cyberwar Case Study: Georgia 2008,’ Small Wars Journal, 6 January 2011, p. 2.
25 Ibid.
26 D. Betz, ‘“Cyber War” Is Not Coming,’ Infinity Journal, Issue No. 3, Summer 2011, p. 23.
27 H.M. Al-Rizzo, ‘The Undeclared Cyberspace War Between Hezbollah and Israel’, Contemporary Arab Affairs, Vol. 1, No. 3, July 2008, p. 400.
28 M. Zappa, ‘Envisioning Technology for 2012 and Beyond’, p. 1.
29 Submarine Cable Map 2012, at: http://submarine-cable-map-2012.telegeography.com/ (accessed 28 December 2012); Franz-Stefan Gady, ‘Undersea Cables: The Achilles Heel of our Economies’, Huffington Post, 21 December 2010, at: http://www.huffingtonpost.com/franzstefan-gady/undersea-cables-the-achil_b_799808.html (accessed 30 December 2012).
30 L. Mirani, ‘Forget about the CyberBunker attack – here’s how to take an entire continent offline’, Quartz Online, 28 March 2013, at: http://qz.com/68115/forget-about-the-cyberbunker-attack-heres-how-to-take-an-entire-continent-offline/ (accessed 3 April 2013); Egyptian Navy Facebook Site, at: https://www.facebook.com/Egyptian.Navy (accessed 3 April 2013).
31 The Stuxnet attack was reportedly known as Operation Olympic Games. David E. Sanger, Confront and Conceal – Obama’s Secret Wars and Surprising Use of American Power, Random House, New York, NY, 2012, p. 188.
32 S. Collins and S. McCombie, ‘Stuxnet: the Emergence of a New Cyber Weapon and its Implications’, Journal of Policing, Intelligence and Counter Terrorism, Vol. 7, No. 1, April 2012, p. 84.
33 Ibid., p. 86.
34 Ibid., p. 87.
35 Ibid., p. 86.
36 N. Shachtman, ‘Insiders Doubt 2008 Pentagon Hack was Foreign Spy Attack’ (updated), Wired Magazine Danger Room, 24 August 2010, at: http://www.wired.com/dangerroom/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/#more-29819 (accessed 25 February 2013).
37 D.A. Fulghum, ‘US Navy Wants to Field Cyber-Attack System’, Military.com, 31 March 2010, at: http://www.military.com/features/0,15240,212940,00.html (accessed 3 January 2013).
38 Z. Fryer-Biggs, ‘Cyberwar’s Holy Grail’, C4ISR Journal, January/February 2013, pp. 26–27.
39 Libicki, ‘Cyber War is Not a Warfighting Domain’, p. 331.