Many believe that we are not in some sort of state of cyber warfare; it is only influence operations. These are the same people who are selling us security technologies and services to protect our environment. They believe calling our current state cyber war is hype. They believe this is demonstrated in their technologies that have doubled and tripled on solutions that do not work; solutions based solely on see, detect, and arrest. A paradigm proven over the past 20 years to be a paradigm of failure. The game of many a vendor (not all) is to generate revenue off our fear; a fear that can be remedied if we fix information security by first starting to fix information technology.
One of the problems we have is standard taxonomy and glossary. Most do not have an understanding of the basics of intelligence and war. Most feel the need to apply physical characteristics to cyber actions in order for those actions to be taken as some sort of warfare. This is a major misnomer. Let’s understand some of the glossary items below.
Information Operations (IO) – The integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt or usurp adversarial human and automated decision making while protecting our own. This includes five core capabilities incorporated into IO:
1. Electronic warfare is any action involving the use of the electromagnetic spectrum or directed energy to control the spectrum, attack of an enemy, or impede enemy assaults via the spectrum.
2. Computer Network Operations (CNO) comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations
3. Psychological operations: Planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behaviour of foreign governments, organizations, groups, and individuals. The purpose of psychological operations is to induce or re-inforce foreign attitudes and behaviour favourable to the originator’s objectives.
4. Military Deception: Actions executed to deliberately mislead adversary military decision makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission.
Counter-intelligence provides the following for MILDEC planners:
• Identification and analysis of adversary intelligence systems to determine the best deception conduits;
• Establishment and control of deception conduits within the adversary intelligence system, also known as offensive CI operations;
• Participation in counter-deception operations;
• Identification and analysis of the adversary’s intelligence system and its susceptibility to deception and surprise; and
• Feedback regarding adversary intelligence system responses to deception operations
5. Operations Security: OPSEC is a five-step iterative process that assists an organization in identifying specific pieces of information requiring protection and employing measures to protect them.
6. Identification of Critical information: Critical information is information about friendly intentions, capabilities and activities that allow an adversary to plan effectively to disrupt their operations. U.S. Army Regulation 530-1 has re-defined Critical Information into four broad categories, using the acronym CALI – Capabilities, Activities, Limitations (including vulnerabilities), and Intentions. This step results in the creation of a Critical Information List (CIL). This allows the organization to focus resources on vital information, rather than attempting to protect all classified or sensitive unclassified information. Critical information may include, but is not limited to, military deployment schedules, internal organizational information, details of security measures, etc.
7. Analysis of Threats: A threat comes from an adversary – any individual or group that may attempt to disrupt or compromise a friendly activity. Threat is further divided into adversaries with intent and capability. The greater the combined intent and capability of the adversary, the greater the threat. This step uses multiple sources, such as intelligence activities, law enforcement, and open source information to identify likely adversaries to a planned operation and prioritize their degree of threat.
8. Analysis of Vulnerabilities: Examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary’s intelligence collection capabilities identified in the previous action. Threat can be thought of as the strength of the adversaries, while vulnerability can be thought of as the weakness of friendly organizations.
9. Assessment of Risk: First, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability. Second, specific OPSEC measures are selected for execution based upon a risk assessment done by the commander and staff. Risk is calculated based on the probability of Critical Information release and the impact if such a release occurs. Probability is further sub-divided into the level of threat and the level of vulnerability. The core premise of the sub-division is that the probability of compromise is greatest when the threat is very capable and dedicated, while friendly organizations are simultaneously exposed.
10. Application of Appropriate OPSEC Measures: The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, including the measures in specific OPSEC plans. Countermeasures must be continually monitored to ensure that they continue to protect current information against relevant threats. The U.S. Army Regulation 530-1 refers to “Measures” as the overarching term, with categories of “Action Control” (controlling one’s own actions); “Countermeasures” (countering adversary intelligence collection); and “Counteranalysis” (creating difficulty for adversary analysts seeking to predict friendly intent) as tools to help an OPSEC professional protect Critical Information.
Offensive Cyber Operations – Programs and activities that through the use of cyberspace, actively gather information from computers, information systems or networks; or manipulate, disrupt, deny, degrade, or destroy targeted adversary computers, information systems, or networks.
Cold War – A state of political hostility between countries characterized by threats, propaganda, and other measures short of open warfare – a conflict or dispute between two groups that does not involve actual fighting.
Cyber War – The use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks.