Preparation, Cyber-Attack, Cyber Defense), Principles, Capabilities, Limitations, and Effects
In this section, several terms related to cyber operation will be briefly introduced.
Fig. 7.4 Reports on cyber operations from www.cfr.org
Cyberspace
Cyberspace is defined by the US DoD as the global domain that consists of the interdependent networks of information technology infrastructures and resident data. This includes the Internet, telecommunications networks, and computer systems, as well as embedded processors and controllers (CRS 2015).
With electromagnetic signals from the many applications across the spectrum carrying invisible data elements around us, almost everything around us is part of this cyberspace. The Internet (the web), online social networks (OSNs), smartphones, cloud computing, and the Internet of Things (IoT) are some of the main milestones in, and contributors to, the continuous growth of cyberspace. All elements of those technologies are nodes in this invisible, large, and complex virtual cyberspace around us.
Full Spectrum Cyber
We described in earlier sections the different implications of full spectrum cyber operations, analysis, etc. This is one of the “buzz” terms in cyber operations and intelligence, used largely by companies for marketing purposes. Originally, the term spectrum referred to the EW frequency spectrum of telecommunication products, applications, bands, etc. The term has since come to cover IT, software, hardware, and network environments as well, so that cyber applications are not confined to the software side only.
Cyber Ranges and Information Technology Ranges
Cyber ranges are large virtual labs that exist to provide and support safe and legal training in cyber security, intelligence, and operations. One of the main drivers for such labs is the need to equip cyber personnel with skills and hands-on training in addition to theoretical learning or knowledge.
Typically, those labs are emulations rather than simulations: many of them represent actual physical networks and labs, but users access them virtually from anywhere in the world once they are given the right credentials.
Virtualization is also common in those labs, where users work with images of virtual operating systems. This minimizes the effort users need to replicate the actual lab or exercise environment. It also lets users perform their training on virtual operating systems isolated from their host operating systems. For cyber security experiments, this shields the host operating systems from the risks of conducting experiments that could damage them. That isolation holds only as far as the hypervisor boundary and the virtual network configuration do: a guest bridged onto the host's production network, or sharing folders with the host, can still reach what it was meant to be kept away from.
K0436: Knowledge of Fundamental Cyber Operations Concepts, Terminology/Lexicon…
Early cyber ranges were private DoD facilities for internal personnel only. There are now many large-scale cyber ranges, such as the US National Cyber Range (NCR: https://www.acq.osd.mil/dte-trmc/ncr.html) developed by the Defense Advanced Research Projects Agency (DARPA). There are other projects, such as GENI (www.geni.net), DeterLab (https://www.isi.deterlab.net), Emulab (https://www.emulab.net), etc., that provide public access to computing and system resources for students, researchers, etc.
Cyber Espionage
In classical espionage, a company may plant an undercover employee in another company to spy on its products, technologies, etc. Cyber espionage may work similarly, or it may be completely virtual, where the individuals performing the espionage are never physically in contact with the target states, companies, or systems. Espionage can aim at government or military personnel, systems, or assets. It can also aim to transfer new technologies, inventions, copyrighted products, etc. In one recent cyber espionage case, the USA charged five Chinese hackers with cyber espionage against US corporations for commercial advantage (Department of Justice 2014).
Cyber Deterrence
Cyber deterrence is an active defense approach that raises the cost of attacking by responding to, and where possible striking back at, adversary attackers. Cyber deterrence can serve two main goals. (1) To harden our systems and make the job of hacking them harder. Many hackers start by searching cyberspace for victims. By making our systems harder to break into than the typical or the majority of other systems, we can avoid untargeted attacks, that is, attacks that do not focus on one target but on any target that happens to be vulnerable. (2) To make the attacker or hacker think of the consequences, whether those consequences are legal, monetary, etc. Deterrence is not always possible or simple. For example, when amateur individuals abroad target large-scale state systems, countering such individuals may not impose significant cost or consequences on the attackers’ side.
Cyberwar and Cyber Warfare
Those are wars waged in and from computers and the networks/systems connecting them, by states or their proxies against other states or countries.
With the continuous expansion of the Internet of Things (IoT) in particular, many things in our real life are monitored and controlled through the Internet (e.g., transportation systems, telecommunications, power, GPS, and water systems). This indicates that future cyber warfare can seriously touch and impact human lives and safety, much like classical wars and weapons.
Cyber Persona
Cyber persona refers to an identity that is used in cyberspace to obtain information or influence others while hiding or dissociating the actor’s true identity or affiliation (CI glossary 2011). The cyber world does not map cleanly onto the real world: many in the cyber world play more than one identity or fake their real identity. Additionally, it is very common for security defense personnel to masquerade as hackers on hacking websites to gain information about the tools and users there. Drawing the line between ethical and unethical hacking can in some cases be very challenging, especially as both sides may try to masquerade as each other. Additionally, security defense personnel work in different organizations and may not synchronize with each other or share details of their defensive and offensive cyber operations. Another challenge is insider threats, whether intentional or unintentional, as in both cases the consequences can be very serious.
Cyber Weapons
The term cyber weapons refers to the tools and mechanisms that attackers or offensive cyber operations teams use to attack adversary targets. The main categories include malware, botnets, denial of service (DoS) tools, worms, etc. Cyber weapons and tools continuously evolve, and the competition between cyber defense and offense teams to keep up with the tools and mechanisms of the other side is intense. Typically, the offensive job is easier than the defensive one: from an attack or offense perspective, all it takes is one vulnerability or exploit to successfully attack a system. That vulnerability can lie in any of a wide range of places, such as software, hardware, the network, the operating system, servers, websites, or users. Typically, a major attack starts from one exploit whose access is then escalated.
Cyber Warriors
Individuals or teams who launch cyber offense operations are typically called cyber warriors. Whether true or not, many cyber warriors in different countries are said to work on their own without being members of government agencies or state-sponsored groups. One reason states adopt such models is to avoid legal consequences or international relations problems.
Cyber Deception
Cyber deception is a proactive security approach that seeks to deceive attackers, detect them, and then defeat them, allowing systems to return to normal operations.
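The deceive-detect-defeat cycle described above can be made concrete with decoys: accounts and hosts that exist only to be found by an attacker, so that any use of them is a high-fidelity signal. The following is an added example written for this page, not code from the book or from any product it mentions. The decoy names, the hostnames, and the sshd-style log lines are all constructed for the example; in a real deployment the decoy credentials would be planted where an intruder would find them (a stale config file, a credential store) and the detector would read the real authentication logs.

```python
import re
from dataclasses import dataclass

# Constructed decoys for this example: accounts that exist nowhere in the real
# environment and a host that runs nothing but a listener. Nothing legitimate
# should ever touch them, so any hit is an alert rather than a "maybe".
DECOY_ACCOUNTS = {"svc_backup_legacy", "oracle_admin"}
DECOY_HOSTS = {"decoy01"}

# Constructed sample sshd log lines (syslog style); not taken from any real system.
# Line 1 is normal traffic, lines 2-4 are an intruder using planted decoys,
# line 5 is ordinary background noise that the decoy logic deliberately ignores.
SAMPLE_LOG = """\
Mar  3 10:02:11 web01 sshd[2231]: Accepted password for deploy from 10.0.1.15 port 51234 ssh2
Mar  3 10:05:47 web01 sshd[2290]: Failed password for invalid user svc_backup_legacy from 203.0.113.7 port 41022 ssh2
Mar  3 10:05:49 web01 sshd[2290]: Failed password for invalid user svc_backup_legacy from 203.0.113.7 port 41022 ssh2
Mar  3 10:06:02 decoy01 sshd[411]: Accepted password for oracle_admin from 203.0.113.7 port 41100 ssh2
Mar  3 10:07:30 web01 sshd[2310]: Failed password for root from 198.51.100.9 port 33011 ssh2
"""

# Matches the common OpenSSH password-auth log format, with the optional
# "invalid user" marker that sshd emits for accounts that do not exist.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    user: str
    host: str
    result: str
    reasons: tuple  # which decoy(s) the event touched


def parse_line(line):
    """Return the parsed fields of one sshd auth line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(lines, decoy_accounts=DECOY_ACCOUNTS, decoy_hosts=DECOY_HOSTS):
    """Detect: raise one Alert per log event that touches a decoy account or host.

    Failed attempts count too: the attacker has revealed that they hold the planted
    name, which is the whole point of the decoy.
    """
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        reasons = []
        if ev["user"] in decoy_accounts:
            reasons.append("decoy account " + ev["user"])
        if ev["host"] in decoy_hosts:
            reasons.append("decoy host " + ev["host"])
        if reasons:
            alerts.append(Alert(ev["ts"], ev["src"], ev["user"], ev["host"],
                                ev["result"], tuple(reasons)))
    return alerts


def attacker_sources(alerts):
    """Defeat: the set of source addresses to block or isolate, derived from decoy hits."""
    return {a.src for a in alerts}


if __name__ == "__main__":
    found = detect(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"{a.ts} {a.src} -> {a.user}@{a.host} ({a.result}): {', '.join(a.reasons)}")
    print("sources to contain:", sorted(attacker_sources(found)))
```

The ordinary failed root login from 198.51.100.9 produces no alert: the detector does not try to judge whether brute-force noise is hostile, it only reacts to decoys, which is why decoy hits can be acted on (here, feeding `attacker_sources` into a block list) without the false-positive budget that generic anomaly rules need.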
Cyber-Hacktivists
Cyber-hacktivists are individuals who perform cyber-attacks for political, environmental, or other non-monetary reasons. One of the most popular examples of cyber-hacktivists is the Anonymous group. Anonymous is a large, decentralized, international hacktivist group that is widely known for performing various DDoS attacks and web defacements against several governments. In other cases, hacktivism can take the form of cyber-riots, with large numbers of individuals protesting against their own government, its policies, etc.
Cyber Operations Limitations
One of the significant efforts that addressed limitations on cyber wars and operations is the Tallinn Manual (NATO 2013, Schmitt 2013, 2017). The manual represents a 3-year effort to assess how current international law applies to cyber operations, warfare, etc. One important limitation in cyber operations on which the manual focuses is the protection of civilians and the need to take all feasible measures to protect humans from the impacts of cyber operations. From a practical perspective, and because of the nature of the Internet and the cyber world, where everything is interconnected, achieving this goal in all cyber operations is almost impossible. States are responsible and liable for cyber operations committed by their members or proxies (Schmitt 2013). Limiting or tracing back all the impacts a cyber operation caused can take far more effort than planning and deploying the operation itself. This is similar to “collateral damage” (i.e., unintended damage) in conventional wars.
Detecting adversary activities in cyberspace is a difficult and long process (Joint Publication 3-12, 2013). Further, assessing the impact of a cyber operation is also tedious and time-consuming. A friendly cyber operation may have direct or indirect impacts on friendly assets that were unaccounted for, because planning for the impact of a cyber operation is tedious and may not always be accurate.