Tag: Cyber warfare

  • The debate on hybrid warfare and Russia

    During the conference Society and defense (Folk och Försvar), the Supreme Commander of the Swedish Armed Forces said that the Swedish people must acknowledge the contingency of war. It caused an outcry. Presumably, this is posed as a fact to make people realize that we cannot be the ever-present observer, never involved or engaged in truly troublesome things with exogenous causes. We tend to have an immunized perception of catastrophes. What disturbs me is rather how the term of hybrid warfare is used. It’s misleading, to say the least.

    Hybrid warfare is, according to an article on a book about hybrid warfare, a combination of “conventional warfare with non-conventional warfare”. According to this post on NATO’s website, “hybrid warfare entails an interplay or fusion of conventional as well as unconventional instruments of power and tools of subversion”. Prior to this, the author writes “With the advent of modern hybrid warfare, they are less and less about lethal or kinetic force.”

    Of course it depends on how war is defined (usually about a minimum of 1.000 people dead in a conflict between states or defined groups over a period of time, like two years). Is informational “warfare” an act of war? Is disinformation and misinformation “warfare”? Is cyber espionage “warfare”? Is hacking by malware and payloads “warfare”? Are they kinetic or lethal? Both of these sources refer to the Russian interference in Ukraine starting 2014, when Russia mixed conventional weapons on the ground (mainly) with disinformation and deniability, without actually declaring war on Ukraine.

    This also requires referring to the so-called Gerasimov Doctrine by Mark Galeotti. Valery Gerasimov is still the (not-so-succesful) Russian Chief of the General Staff, and current commander of the Russian forces in Ukraine, who in 2014 (what an occurence) mentioned different strategies to tackle the superiority of the West. This lead to the birth of the so-called Gerasimov Doctrine, a doctrine influential in the eyes of many Westerns, as “new thinking” on war. To combine cyber weapons and kinetic force was perceived as a new paradigm. Galoetti didn’t see it as novel.

    I turn to the political scientist Lucas Kello, author of The Virtual Weapon and International Order, to look for definitions of terms and concepts. Although he discusses the terms and consequences of cyberweapons in cyberspace, the discussion can be used to comprehend how words are used and related to a subject:

    The crucial definitional criterion of a virtual weapon lies in its intended and possible effects.

    Does Russia intend to wage war against Finland or Sweden? Most likely not. Are we at war, a prerequisite of the term? No. Kello continues:

    Cyberattack need not result in physical destruction to pose a serious danger to society. […] It is reasonable to impose limits on this language.

    You need to know when to ascribe a term and when not to. Lucas Kello asserts that even though virtual information “has become force itself” in certain situations, psychology and information have long been part of war strategy. Still, they are usually not regarded as a kinetic force, as kinetic weapons, because “human death is the highest form of physical damage.” It remains difficult to harm humans by hacking computers or deploying A.I. (yes, I’m aware of a patient dying when hackers shutdown a hospital in a ransomware attack, and yes, I’m aware of the false suggestion that an A.I.-programme killed an operator, which simply was a simulation made by humans, with no real people involved in the simulation itself).

    It’s important to keep terms apart, and as coherent and adequate as possible. Including more only fuzzies concepts, makes them so general they can’t be applicable anymore. Another important reason to keep terms clean: Sweden and Finland are not at war with Russia, which the term of hybrid warfare denotes, but still mass media and experts utters the term often. Russia is trying to strain and contain our countries, making hybrid threats the proper term rather than hybrid warfare.

    Perhaps, though, I propose a new word. Or two:

  • Book review: The Perfect Weapon

    Book review: The Perfect Weapon

    The New York Times has journalists (often called reporters, correspondents or writers) devoted to dedicated, limited subjects/topics, such as White House correspondent, lead consumer technology reporter, or national security correspondent, like David E. Sanger. He happens to be a colleague of Nicole Perlroth, author of This is how they tell me the world ends [min egen länk], and this book a kind of sibling. While she covers cybersecurity and digital espionage, he mainly covers national security, and one must read the book with that perspective.

    “The Perfect Weapon is the startling inside story of how the rise of cyberweapons transformed geopolitics like nothing since the invention of the atomic bomb” it says on the back cover, and Sanger dives into cyberweapons and their implications on national and international security. American-Israeli Operation Olympic Games is the starting shot of cyberattacks on nation-states about 15 years ago. Preparations of Operation Nitro Zeus, of which I knew nothing previously, was the second, although it was never deployed. In short, Nitro Zeus was supposed to entirely shut down Iran if the US needed to bomb the country in case of attacks on Israel, by infiltrating virtually everything digital in Iran.

    Sanger explains some of the cyber warfare infrastructure of the US, such as TAO (Tailored Access Operation) and US Cyber Command, as well as the immense offensive capabilities of the US. Then he explains the infamous (and famous?) Russian hack of the Democratic National Committee is covered, unflattering as it is in his depiction of incompetence, laziness and inertness. Likewise depicted is the very serious hack of the Office of Personnel Management, when China took personal data on approximately 21,5 million American citizens (an astounding amount of personal data on people with security clearance) and 5,6 million fingerprints of important personnel in the US.

    Barack Obama managed to accomplish a kind of truce with Xi Jinping after attacks, which lasted until the Trump administration chose trade war with China. In his now famous annual address on New Year’s Eve for 2018, Xi Jinping had two books on artificial intelligence on display, carefully chosen as symbols of ambitions and interests of the Communist party the coming years. Some believe the data stolen from the US is a way to train AI, mapping both people and country.

    What the US taught its adversaries through cyberattacks and cyber espionage was how imperative this capability is, at a low cost to boot. North Korea was not a power to be reckoned with before American meddling, but now it is, just like Iran. Instead of limiting attacks and espionage to state organizations, adversaries attack and or spy on civilian (or soft) targets: municipalities, companies, large corporations, journalists, politicians, activists.

    Sanger also draws conclusions I have barely encountered before, however logical they are once read, stemming from his focus on national security. In the trove of data Edward Snowden collected and shared with a few chosen people was information on how the National Security Agency (NSA) installed their own equipment in companies’ products (like Cisco). This, not the ways NSA accessed the tech giants’ servers to spy on its own population, was the real important find. This damaged US national security and has had very serious implications in geopolitics. One aspect of this is the trade-technology-war between the US and China. Why would Americans let Chinese companies build infrastructure in the US when they knew exactly what they themselves would do, were they to build infrastructure in China? And why would the Chinese not attempt to build backdoors and make attempts to spy on the Americans at every turn, when it was proven the Americans did exactly this?

    Like Perlroth, Sanger concludes that the US is mostly to blame itself. It showed the world cyberweapons are useful. It amassed the most encompassing espionage apparatus ever, with amazing offensive capabilities. But it cannot defend itself. The US is wide open for most attackers.

    Since the release of the book, Joe Biden has become president and his administration has showed a much more ambitious approach of beginning to cybersecurity than his predecessors. The administration is deeply engaged in cyber defense and security, making it a priority in the infrastructure bill (cyber is mentioned 319 times in the Infrastructure Investment and Jobs Act), participation in conferences and speeches. The lid is off.

    Seldom have I come across a book so outstanding and worthwhile, it’s absolutely teeming with information on cyberweapons and warfare. If you’re to choose one book to read on these topics, it’s The Perfect Weapon. Besides, how could I not like a book with chapter titles like From Russia, With Love and Pandora’s Inbox?