Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki

[delchi delchi <delchi () gmail com>]

"But in war more than in any other subject we must begin by looking at
the nature of the whole; for here more than elsewhere the part and the
whole must always be thought of together. "
-- Karl Von Clausewitz

Cyber-war is nothing more than a buzword designed to discuss a
specific type of war. In the end it's no more or less than saying that
you are engaged in a 'shooting war' , a 'tank war' or an 'air war'. As
each new technology emerges it finds it's way into war sooner or later
and creates a new type of warfare. Still at the heart of the matter
remains conflict between  opposing sides. I feel that the idea of
hacking being "as kinetic as a cruise missile" is spot on. Arguing
that a cruise missile can hit any target but you can block a hack is
short sighted. So you patched your systems against known attacks, but
you can't possibly protect against the unknown. A missile can be taken
down by  anti-missile technology  that you may not know exists until
the first shot is fired. In war, as in business, we keep tight to the
vest our best kept secret weapons ( both offensive and defensive ) and
only take them out when needed. Once used they are in the open, known,
and can be compromised. So even if you switch from Windows to Mac to
Ubuntu to TRSDOS at some point in the war someone will have or develop
a weapon tailored especially for you. Combine this with the
overwhelming use of technology in modern warfare and a simple hack can
destroy a target as effectively as a missile. The use of a emerging
technology as a weapon does not change the base nature or strategy of
war. It is nothing more than another tool in the arsenal. Warfare has
been revolutionized time and again with inventions like the crossbow,
gunpowder, the armored tank, and the airplane. Why should the art of
hacking be seen or treated any differently? Where is the difference in
pushing a button that launches a missile to exert kinetic destruction
on an industrial pant and a button that unleashes a piece of software
causing the machinery in the plant to malfunction & kinetically self
destruct?

The tools of war have been, and will continue to be, as diverse and
advanced as technology can provide, but they all maintain the same
base purpose.


( An equal truth is that "No plan of operations extends with certainty
beyond the first encounter with the enemy's main strength" (Helmuth
von Moltke). ... but we all know that one by heart )


,


On Mon, Mar 21, 2011 at 7:43 PM, Val Smith <valsmith () attackresearch com> wrote:
> There is a fundamental problem with this discussion. Those who actually
> work in the field of cyber-war (if it exists ;) can't comment, or can
> only comment in a vague way or one which disinforms. At least in this
> country and probably the others.
>
> Those who can and do comment generally have no actual 1st hand
> experience with cyber-war, and so really don't know what they are
> talking about (more or less).
>
> But if one were to guess, perhaps the cyber "weapon" is a component to a
> larger layered attack and that the existence of stuxnet doesn't indicate
> a singular event but a hint at something larger we really know nothing
> about.
>
> Kinda reminds me of blackhats and the rest of the worlds semi-lack of
> knowledge about them, with the occasional hint (zf0, h0n0,
> pr0j3ktm3yh3m, etc.)
>
> V.
>
> Who is the cyber-von-clauswitz ?
>
> On Mon, 2011-03-21 at 13:48 -0400, Ron Gula wrote:
> > I'm not sure I agree. Technically, sure, you can hack into things and
> > take them out. However, comparing hacking to a cruise missile is a
> > stretch. I can patch my systems today and your cyber-attack tomorrow is
> > foiled. Or maybe I switch from Mac to Windows. A Tomahawk cruise missile
> > is just as effective against a Russian radar system or a French one.
> >
> > Don't get me wrong - hacking, backdoors, denial of service, altering
> > messages, decrypting sensitive messages .etc all have their place. I
> > just think the categories are cyber intelligence, terrorism, espionage,
> > sabotage or crime but not "warfare".
> >
> > We've been doing intel, terror, spying, sabotage and crime for a long
> > time and the tools have just changed with the introduction of
> > hyper-connected computers and targets.
> >
> > -- Ron Gula, CEO Tenable Network Security http://www.tenable.com
> >
> > On 3/20/2011 10:52 PM, greg hoglund wrote:
> > > > I agree with you Dave.  Cyberwar is technical.  Granted, like any war,
> > > > it must be backed by intel and psyops.  But, like any war, the kills
> > > > people see in the press are kinetic.  Cruise missiles are technical,
> > > > and kinetic.  But, everything is backed by intel.  Even missiles.  In
> > > > cyber, the importance of HUMINT far outweighs that of kinetic damage.
> > > > The technology is new and different, but the classic principle
> > > > applies.  This war is not new.
> > > >
> > > > -Greg
> > > >
> > > >
> > > > On Sunday, March 20, 2011, Dave Aitel <dave.aitel () gmail com> wrote:
> > > > > > Paper Review
> > > > > > Cyberwar as a Confidence Game
> > > > > > Martin C. Libicki
> > > > > > http://www.au.af.mil/au/ssq/2011/spring/libicki.pdf
> > > > > >
> > > > > > Here's the last line, which sums it up nicely:
> > > > > > """
> > > > > > Building up our offensive
> > > > > > capabilities is a confidence game. It says to those who would
> > compete in
> > > > > > our league: are you confident enough in your cyberwar skills that
> > you can
> > > > > > build your military to rely on information systems and the
> > machines that
> > > > > > take their orders?
> > > > > > """
> > > > > >
> > > > > > One thing missing from this paper is any evidence that this kind of
> > > > > > logic (aka, Fear Uncertainty and Doubt in military information systems
> > > > > > as applied to network centric warfare) has any real-world effect.
> > > > > > Militaries (including our own) simply don't take these things into
> > > > > > account when deploying new systems.
> > > > > >
> > > > > > But the main anomaly in the paper is simple: He treats Stuxnet as an
> > > > > > aberration, rather than the tip of the iceberg that finally made the
> > > > > > newspapers. And this leads him (and most other strategic analysts) to
> > > > > > conclude that hacking does not have real world effects. I have to
> > > > > > assume this is the WWII legacy of Enigma - where in order to take
> > > > > > advantage of intelligence you had to go out and order your sub killers
> > > > > > to go sink a boat. But just because hacking is tied to intelligence
> > > > > > bodies in most countries, and staffed with people who look and act a
> > > > > > lot like intelligence officers, does not make it the same thing.
> > > > > > Hacking is as kinetic as a cruise missile when you do it right.
> > > > > >
> > > > > > -dave
> > > > > > (This is a first in a series of posts where-in we all get to review
> > > > > > the Strategic Studies Quarterly's Spring Cyber-War papers -
> > > > > > http://www.au.af.mil/au/ssq/ ).
> > > > > > _______________________________________________
> > > > > > Dailydave mailing list
> > > > > > Dailydave () lists immunityinc com
> > > > > > https://lists.immunityinc.com/mailman/listinfo/dailydave
> > > > _______________________________________________
> > > > Dailydave mailing list
> > > > Dailydave () lists immunityinc com
> > > > https://lists.immunityinc.com/mailman/listinfo/dailydave
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave () lists immunityinc com
> > https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave



-- 
"Se li uomini sapessino le cagioni della paura mia, capir potrebbero
il mio dolor"
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave