Full Report
The text that follows is a short statement I prepared for the press ahead of my presentation at ‘The International Conference on Cyber Conflict’ (http://www.ccdcoe.org/ICCC/) in Tallinn, Estonia. It felt like I had a very mixed response, so I’d be interested to hear what others think…
My background and context
Any opinion can only be understood if you also understand its context. Therefore, in order to understand the thinking that follows, you also have to understand my perspective. Three aspects of my context affect my thinking here:
Analysis Summary
# Main Topic
The inherent reality, asymmetry, and consequences of Information Warfare, particularly concerning the difficulty for nations, especially developing ones, to defend against sophisticated cyber adversaries.
## Key Points
- Information warfare (or cyber warfare) is currently real and ongoing; specialized military/security complexes are accumulating power, technology, and digital territory without public awareness.
- Information warfare is fundamentally asymmetrical, favoring the attacker who only needs to succeed once, contrasted with the defender who must succeed constantly.
- The cost of successful, devastating attacks targeting critical national infrastructure (e.g., Stuxnet) is relatively low compared to the cost of traditional defense spending.
- Most critical national infrastructure sectors (banking, utilities, administration) rely on systems and infrastructure that governments do not fully control, making comprehensive defense nearly impossible.
- High exposure levels, exemplified by the WikiLeaks incident where hundreds of thousands had access to sensitive data, illustrate the scope challenges in securing controlled networks (like SIPRNET).
- The author hypothesizes that this reality will lead to two primary paths for cyber policy: Cyber Neutrality/Information Freedom or a Cyber Arms Race leading to Mutually Assured Destruction (MAD).
## Threat Actors
- **Nation-States/Well-Funded Adversaries:** Implied as the source of sophisticated, high-impact attacks capable of targeting national infrastructure (referenced via the Stuxnet attack).
- **Hacker Collectives:** One incident is named specifically: the public release of sensitive correspondence between the security firms HBGary, Palantir, and Endgame Solutions, allegedly obtained through a breach by Anonymous. (**Note**: This is cited as evidence for the reality of IW, not as a demonstration of a specific TTP.)
## TTPs
- **Infrastructure Compromise:** Capability to bypass "all reasonable security controls" to cause devastation to critical national infrastructure (e.g., Stuxnet targeting Iranian nuclear program).
- **Data Exfiltration/Disclosure:** Mass release of sensitive internal communications and classified documents (referenced via the HBGary breach and the WikiLeaks incident).
- **Advanced Persistent Presence:** Implication that many systems today may already be compromised by sophisticated malware too difficult to detect and remove at scale.
## Affected Systems
- Critical National Infrastructure: Banking, utilities, industry, and government administration systems.
- Highly Secretive Government/Military Networks: Mentioned indirectly through the vulnerability demonstrated by leaks on networks like SIPRNET.
## Mitigations
The author suggests that given the current reality, nations face two stark policy choices:
1. **Cyber Neutrality and Information Freedom:** Accept that total defense is impossible. Shape policy to avoid conflict, ensure no secrets exist, and maintain shared benefit from connected systems. (This option resonates with the author's personal ethos but seems difficult to implement).
2. **Cyber Arms Race / Mutually Assured Destruction (MAD):** Focus on building destructive cyber deterrents as a tool for defense, aiming for digital stand-off similar to the Cold War nuclear doctrine.
## Conclusion
The current state of information warfare heavily favors the attacker due to system dependency, sprawl, and inherent asymmetry. Unless policymakers act rapidly to acknowledge this reality, the global security posture is likely to default toward an unstable, escalating cyber arms race characterized by constant espionage and mutual digital threat.