1 / 23

Cyberwar in political perception

This lecture discusses the perception of cyberwar in US security policy, the underlying assumptions, real threats, incidents, vulnerabilities, military answer, central coordination, best practices, cyber security policy, U.S. influence on cyber-threat, and the need for cyber arms control. Presented by Ralf Bendrath, a visiting scholar at George Washington University.

altonk
Download Presentation

Cyberwar in political perception

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CyberwarFiction, Facts, and the Future of Arms ControlRalf Bendrath, BerlinFoG:ISForschungsgruppe Research Group on the Informationsgesellschaft und Information Society and Sicherheitspolitik Security PolicyVisiting Scholar LectureGeorge Washington UniversityThe Elliott School of International AffairsCenter for International Science and Technology Policy (CISTP)Security Policy Studies Program (SPS)26 March 2001

  2. Cyberwar in political perception • „one of the central challenges for security policy in the future“(Senator John McCain in primaries 1999) • „There will be an electronic attack sometime in our future”(John Hamre, Deputy Secretary of Defense 1996) • „Cyberspace ain´t for geeks, it´s for warriors“(John Hamre, Deputy Secretary of Defense 1999) • „electronic Pearl Harbor“(popular meme since 1991) • „This is a classic deterrence mission”(Condoleezza Rice last week)

  3. Cyberwar in US Security Policy • Part of counterterrorism policy PDD-63, May 1998 • Seen as “emerging threat”Congress • Included in military strategy planningJV 2010 & 2020, QDR 2001 • “Homeland defense”CSIS, Hart-Rudman Commission • a task for military strategy?

  4. Underlying Assumptions • real threat • foreign nations or terrorist groups • have capabilities • with intentions to use • vulnerability of US systems • can be answered militarily • can be coordinated centrally • threat independent of US policy

  5. What do we really know?

  6. It could be just junk mail, Colonel, or the beginning of a major enemy attack...

  7. Real Threat? • foreign nations • Russia: media management • China: “People’s Information War” • India/Pakistan: just began • Germany: working on it, mainly defense • France: economic espionage • Cuba: ridiculous • terrorist groups • prefer bombs • bin Laden uses encryption - so what?

  8. Incidents • Solar Sunrise • not Iraq, but US & Israeli teens • Kosovo War • website hacks, viruses, e-mails • Middle East • website hacks, DoS-attacks • China & Taiwan • private hackers, no govt. involved

  9. Vulnerabilities? • no sound estimates or statistics • national security systems not connected to public networks • critical systems not connected to public networks • patches! • main damage from viruses

  10. Military Answer? • deterrence is communication • unknown opponent • not a precise weapon • Posse Comitatus • law of armed conflict • political oversight?

  11. Central Coordination? • private ownership of systems • technology decentralised • centralised structures too slow

  12. Best Practice • local solutions and defenses • awareness & education • info-sharing • open source • computer scientists, not soldiers

  13. Cyber Security Policy (Clinton) • law enforcement • coordination within government • cooperation with industry • education for IT security • awareness

  14. U.S. Influence on Cyber-Threat • have done it • computer intrusions since 1980s • cyberwar waged 1991 & 1999 • part of military strategy • Joint Doctrine for Info-Operations • FM 100-6 (Info Operations) • specialised military units • infowar units (since 1994, expanding) • part of combat commands (2001)

  15. U.S. influence on Cyber-Threat • mid-eighties: CIA and NSA hack into Soviet and other computers • late eighties: U.S. armed forces develop computer viruses and recruit hackers • 1991: US forces hack into Iraq‘s C2 systems • 1994: „School for Information Warfare and Strategy“, National Defense University • 1996: „Information Warfare“ makes way into „Joint Vision 2010“ • October 1998: Joint Pub. 3-13 „Joint Doctrine for Information Operations“, offensive use of hacking

  16. U.S. influence on Cyber-Threat • Spring 1999: Computer Network Attacks on Serbia • May 2000: „Joint Vision 2020“, even bigger role for information warfare than in JV 2010 • October 2000: US Space Command assumes responsibility for Computer Network Attacks • February 2001: Air Intelligence Agency becomes part of Air Combat Command, goal: integrate computer network attacks into operational planning

  17. The IT - Insecurity Cycle IT vulnerability usage of IT-security holes cyber warfare military and intelligence services

  18. Dangers of U.S. Cyberwar Plans • export problems for U.S. computer industry • chilling effect on digital economy • U.S. as role model • cyber-arms race • Cyberspace less safe

  19. Cyber Arms Control needed • to prevent cyber arms race • to secure digital economy politically possible • already proposed by other nations • computer industry would love it urgent • dynamic still slow - how long? U.S. policy critical • most advanced, role model

  20. Weapons systems approach • quantitative • what to count? • manpower, computer power, network connections,...? • qualitative • what to prohibit? • hacking tools, planning tools, network mapping tools,...? • Verification almost impossible

  21. Normative approach • Doctrines • offensive use of hacking? • Units • computer attack units? • Operations • network attacks part of wargames? • Verification difficult, but not impossible

  22. Options for Action • political oversight • no first use • international convention on peaceful use of cyberspace • collaboration of security policy studies and computer science • see you in Berlin? Conference on Cyber Arms Control29 June - 1 July

  23. If you have become curious... Dipl. Pol. Ralf Bendrath e-mail discussion list Infowar.de • http://userpage.fu-berlin.de/~bendrath FoG:IS Forschungsgruppe Informationsgesellschaft und Sicherheitspolitik • http://www.fogis.de Telepolis Dossier „Infowar“ • http://www.heise.de/tp/english/special/info Federation of American Scientists • http://www.fas.org/irp/wwwinfo.html

More Related