“cyber: the new battle space?”

There is significant debate in military circles about whether cyber has become the fifth warfighting domain. Traditional doctrine was directed towards operations on land and sea, and a combination of the two. History is well populated with examples of strategic operations combining operations on land supported by sea and vice versa. In the early 20th century, air was added as a third warfighting domain with increasing effect as a range of technologies have rapidly increased capability.

In the second half of the 20th century, space became the fourth warfighting domain and there is vigorous debate amongst practitioners and theorists about whether the cyber environment constitutes the fifth. There are a number of parallel lines of debate, however the central theme is focused on whether the cyber environment (sometimes known as cyberspace) is a discrete area of operations or whether it is a more pervasive concept that runs through all of the other domains.

Part of the principal challenge lies in the fact that whilst land, sea, air and space are physically distinct and are defined by similar criteria, cyberspace is defined in a different way, existing on an electronic plane rather than a physical and chemical one. Some would argue that cyber space is a vein which runs through the other four warfighting domains and exists as a common component rather than as a discrete domain. One can easily see how cyber operations can easily play a significant role in land, sea, air or space warfare, due to the technology employed in each of these domains.

On the other hand, this distinction is dependent on the way that we define the various domains. If our definitions are underpinned by a purely physical paradigm, then it is arguable that cyberspace is a very different type of context to the traditional warfighting domains. If, however, our definitions are based on an operational paradigm, then the distinction is less clear. It is possible to conduct entire operations in the cyber environment, made possible by the interconnected nature of the Internet and associated infrastructures. In the same way, it is common to have joint operations operating across multiple domains, including the cyber environment, and the cyber environment isn’t restricted to military warfighting scenarios.

A good example of a comprehensive cyber campaign occurred in April 2007, when Estonia was subjected to a wide range of concerted cyber attacks across a broad spectrum of government, commercial, industrial and media organizations. This sophisticated campaign effectively crippled a significant proportion of the Estonian National infrastructure whilst the attack was taking place. It is interesting that in the wake of the attack, Estonia has developed one of the most significant cyber defence infrastructures in existence.

Another example occurred a year later, in 2008 during the South Ossetia conflict where kinetic operations were preceded by a widespread cyber campaign which effectively blinded the defenders in advance of a rapid Russian advance. In this case cyber was used as part of a blended strategy which achieved strategic disruption of Georgian Public Service infrastructure thus enabling surprise. There are a range of other examples of the use of cyber as either a tool to achieve dislocation or disruption at a strategic level. The list grows steadily as more varied compromises are discovered across a range of government and industrial targets in a range of countries.

Cyber Operations Spectrum

Though operations in cyberspace are complex, they can be simplified, to some extent, by the cyber operations spectrum. This divides cyber operations into 3 areas:

  • Defence — Defensive operations take up approximately 80% of cyber activity. This constitutes the work that is (or should be) undertaken by all individuals or organizations. It ranges from simple protection of individual personal equipment to complex security management architectures.
  • Exploitation — Exploitation is covert activity conducted within an adversaries area of operations. This is generally invisible to the defender (unless compromised by the defender). Exploitation operations range from preparatory activity conducted to enable future activity to protracted information farming operations which are designed to generate intelligence over a protracted period of time.
  • Attack — The overt phase when effect is brought to bear on a target. There are a wide range of exploits and strategies associated with this phase. It should be noted that a visible attack may well have been preceded by invisible exploitation operations.

A knowledge of where current operations lie within the cyber spectrum is critical to a clear understanding of the cyber environment. It is also helpful to view the actions of adversaries in this context in order to try to understand the adversarial plan and predict their likely future actions.

Traditional protective strategies were often based on the defence of boundaries and perimeters. Whether defended by technology or, in some cases, complete air gaps, boundary based defence was initially effective until attackers found ways to achieve a breach, whether by compromising vulnerable technology or bridging air gaps, as could be seen, for example, in the Stuxnet attack on the Iranian nuclear processing facility (Kerr et al. 2010). This boundary-based model is increasingly seen as flawed due to the enormous complexity and granularity of the cyber environment. Increasingly, defensive architectures are seen to be resilient matrices of multiple defensive components. It is no longer credible for organizations to assume that they are completely safe. The sensible security strategy now focuses on raising the bar to reduce the likelihood of a successful attack, but to assume that a proportion of attacks will be successful, but to have the mechanisms in place to identify and manage these events when they occur. Organizations must also ensure that operational architectures are sufficiently resilient to enable them to continue to operate whilst ‘under fire’. This has resulted in a subtle but tangible shift from purely protective postures to proactive intelligence management within organizations.

In many cases, the compromise of technology is achieved indirectly. This often involves the compromise of people. A wide and often sophisticated range of social engineering attacks are employed in order to compromise technology using traditional human weaknesses, including greed, curiosity, insecurity and ignorance. The dependence of cyberspace on people also extends the scope of compromise from direct attacks on target systems, to indirect targeting of social, economic, commercial and financial architectures. The traditional ‘high threat club’ (those organizations who are known to represent high value targets to attackers) are no longer the only organizations with a requirement for active and dynamic information security infrastructures. Information security is now a critical aspect of corporate governance across the organizational spectrum.

Dynamics of the Cyber Environment

If we assume that warfare is generally a strategic approach by which one or more parties seek to impose their will on another by force, then the cyber environment provides a range of opportunities for attackers and defenders alike. At an operational and tactical level, disruption or dislocation operations can be mounted against a range of kinetic and information based targets. Objectives can range from the destruction of targets to rendering them unusable to an adversary (often through information attacks on the integrity of particular assets), through intelligence gathering, deception and other information operations. At a strategic level, cyber operations provide opportunities to compromise national infrastructures and populations at a systemic level, through attacks on critical national infrastructure targets and services such as financial services, utilities (water, power, waste, etc), telecommunications and emergency response frameworks.

An important driver for the cyber environment is that it effectively becomes an asymmetric enabler. Cyber operations provide a viable attack vector for small nations or influence groups that enables them to directly engage even the largest power bases (military or otherwise) worldwide. One of the effects of the advent of the cyber environment has been to remove much of what Clausewitz (1873) termed the friction of war. This is exacerbated by the fact that tempo changes are possible, where operations can move rapidly from slow, covert activity to high intensity attack activity with little physical impact.

History has shown that an ability to switch tempo in battle has enormous value in its ability to unhinge adversaries and to compromise their will and ability to fight. This is one of the characteristics that lies at the heart of the ‘manoeuverist’ doctrine that underpins much of the 20th century warfighting doctrine. Manoeuver warfare is a potentially complex doctrine which is built on simple principles which shape the chosen battlefield through knowledge, understanding and agility. The British Army describes the manoeuverist approach as follows:

“This is an indirect approach which emphasizes understanding and targeting the conceptual and moral components of an adversary’s fighting power as well as attacking the physical component. Influencing perceptions and breaking or protecting cohesion and will are essential. The approach involves using and threatening to use force in combinations of violent and non-violent means. It concentrates on seizing the initiative and applying strength against weakness and vulnerability, while protecting the same on our own side. The contemporary Manoeuvrist Approach requires a certain attitude of mind, practical knowledge and a philosophy of command that promotes initiative”

(Ministry of Defence, 2010, Chapter 5).

The cyber environment provides an additional dimension within which agility can be achieved, and initiative seized. It is, perhaps, instructive that the practical application of the manoeuverist approach is broken down into the following components:

  • Understanding the situation — using information, intelligence and intuition coupled with a sound understanding of objectives and desired outcomes.
  • Influencing perceptions — planning, gaining and maintaining influence, and the management of key stakeholders.
  • Seizing and holding the initiative — Ensuring that we hold the ability to dictate the course of events, through competitive advantage, awareness and anticipation.
  • Breaking cohesion and will in our adversaries — Preventing our adversaries from being able to co-ordinate actions effectively, and compromise their determination to persist.
  • Protecting cohesion and will in ourselves and our allies — Enabling our own freedom of action and ability to co-ordinate our resources, ensuring that we retain the will and coherence to operate.
  • Enhancing and evolving the approach through innovation — The approach is enhanced through simplicity, flexibility, tempo, momentum and simultaneity.

All of these components are areas where cyber operations can play a significant part both for the attacker and the defender. In military terms, cyber may be seen as a force multiplier, increasing the effect of existing operational capability. There is, however, another side, in that these principles and components can be applied to operations in the cyber environment and, if applied with flexibility, can provide structure to planning.

To return to the initial question — has cyber become the new battlespace? — whilst the role of the cyber environment as a fully-fledged warfighting domain is open to sustained debate, it is very clear that the cyber environment is one in which it is possible to conduct a range of targeted operations. It is also clear that these operations may be conducted in isolation, or in conjunction with operations in the kinetic sphere (in any of the four principal warfighting domains.)

However we eventually decide to classify this area, we must ensure that we are able to operate within it, at least as effectively as our adversaries are able to. As such, it would be prudent to consider it to be a battlespace, and a high tempo battlespace in which our native situational awareness is limited. It is also a battlespace in which our ability to maintain an agile, proactive posture is critical to our ability to gain and maintain the initiative.

 

In next blog, I will elaborate on the association between the battlespace and situational awareness.