Why the U.S. Will Lose A War In Cyberspace

There's not another nation in the world that can wage kinetic warfare as effectively as the United States, and that is probably at the heart of the reason why the U.S. will lose a war fought in cyberspace. It's not because we don't have skilled cyber warriors, because we do. It's because present leadership in the Department of Defense is trying to fit the round peg of cyberspace into the square hole of meat space. A perfect example of this mindset is found in the Spring 2011 edition of Strategic Studies Quarterly "Rise of a Cybered Westphalian Age" wherein the authors write [1]:

First, the technology of cyberspace is man-made. It is not, as described by the early “cyber prophets” of the 1990s, an entirely new environment which operates outside human control, like tides or gravity. Rather, as its base, the grid is a vast complex system of machines, software code and services, cables, accepted protocols for compatibility, graphical pictures for human eyes, input/output connections, and electrical supports. It operates precisely across narrow electronic bands but with such an amalgamation of redundancies, substitutions, workarounds, and quick go-to fixes that disruptions can be handled relatively well as long as everyone wants the system to work as planned.

In the earliest days of the Internet, otherwise known as Web 1.0 (the Read-only Web), the above was certainly true. As we moved to Web 2.0 (the Read-Write Web), it became less true. The more integrated our physical and virtual lives become (Web 3.0), the farther away from that definition we land. The fact that the authors of the paper still believe that cyberspace is nothing more than a man-made piece of hardware says volumes about how the domain is misunderstood at the highest levels of the DoD, which is obvious with the miscategorization of cyberspace as a 5th domain [2]:

Though the networks and systems that make up cyberspace are man-made, often privately owned, and primarily civilian in use, treating cyberspace as a domain is a critical organizing concept for DoD’s national security missions. This allows DoD to organize, train, and equip for cyberspace as we do in air, land, maritime, and space to support national security interests.

I've touched upon the concept of n-dimensional conflict here, and I'm writing a chapter on it for the 2nd edition of "Inside Cyber Warfare" (O'Reilly, 2009). In the course of my research, I've come across the work of theoretical physicist Basarab Nicolescu who argues that cyber-space-time (a more accurate name than "cyberspace") is both artificial and natural at the same time [3]:

The information that circulates in CST is every bit as material as a chair, a car, or a quantum particle. Electromagnetic waves are just as material as the earth from which the calculi were made: it is simply that their degrees of materiality are different. In modern physics matter is associated with the complex relationship: substance-energy-information-space-time. The semantic shift from material to immaterial is not merely naive, for it can lead to dangerous fantasies.

One of Nicolescu's influences was nobel laureate Wolfgang Pauli and Pauli, in turn, was fascinated by Carl Jung's theory of Synchronicity. In fact, Pauli and Jung spent a great deal of time together because Pauli believed that there was a relationship between Jung's acausal connecting principle and quantum physics; specifically a conundrum known as "quantum indeterminacy"[4]. In a kind of ironic twist, Carl Jung's theory of synchronicity has its genesis in his fascination with an ancient Chinese oracle called "The Book of Changes" or Yijing. It is a divinatory oracle that dates back to the Qin dynasty and teaches that the universe is composed of parts that are interconnected. The yarrow stalks used in the Yijing symbolize those parts while the casting of them symbolizes the mystery of how the universe works (Pauli's quantum inderterminancy). Chinese emperors and generals have used this oracle since approximately 300 BC and it may still provide a glimmer of insight into the mysterious nature of this new age of cyber-space-time and how cyber battles may be fought and won.

Unfortunately for Western nations, synchronicity has its origins in the East. Western nations have a tradition in causality, not synchronicity. And the U.S. Department of Defense is deeply grounded in traditional western thinking and practicality. The decision to call cyberspace a domain was based on organizational necessity. That's how DoD is set up. Its how budgets are created and funds distributed. Its how contracts get assigned. Simply put, its how things get done at the Pentagon. This is why the U.S. will lose a war fought in cyberspace. A strategic doctrine built upon a flawed vision cannot yield a victory against an adversary whose knowledge of the battlespace is superior to our own.
____
* Even though Pauli's lifetime preceded the Internet age, he wrote extensively about a unifying connecting principle which bridged mind and matter. Nicolescu references Pauli's work and calls that connecting principle Cyber-Space-Time.

References:
[1] Chris C. Demchak and Peter Dombrowski, "Rise of a Cybered Westphalian Age", Strategic Studies Quarterly Spring 2011
[2] Department of Defense Strategy For Operating In Cyberspace, July 2011
[3] Basarab Nicolescu "The Manifesto of Transdisciplinarity", SUNY Press 2002
[4] The Information Philospher  web page (http://www.informationphilosopher.com/freedom/indeterminacy.html)

Add to Cart View detail

AnonOps, LulzSec, & The Modalities Of nth Dimensional Conflict

Credit: Perceivin da multi dimensions

This post contains the beginning of my work to develop a new model with accompanying strategies for defending against anarchist clusters like LulzSec and Anonymous as well as more traditional opponents in cyberspace. I've named it the Principles of nth Dimensional Conflict. Since this is a work in progress and because I intend to flesh the principles and modalities out in more detail in the 2nd edition of Inside Cyber Warfare, I hope that interested parties will feel free to leave a comment with their thoughts and suggestions.

The genesis of this idea began with my first book in which I used the science fiction metaphor of a parallel universe to describe cyberspace: "a mysterious, invisible realm existing in parallel to the physical world, yet able to influence it in countless ways" (p.xiii). It's also why I've opposed the classification of cyberspace as a fifth warfighting domain. The Department of Defense as well as national and international law enforcement agencies have been relying upon traditional models to combat offensive cyber operations of all types with only marginal success. The information security community whose mission is to build software that protects private and government networks has failed miserably in executing that mission. In fact, some of their core principles such as publicizing vulnerability research may be causing more harm than good. The latest innovation is the rise of anarchist clusters like Anonymous and LulzSec who seemingly breach government and corporate websites at will. It has become clear to me that false assumptions about the battlespace have produced ineffective, possibly harmful defensive strategies and that we have to start fresh.

I've laid out some baseline principles that underlie recommended modalities or modes of action. In addition to my own interest in Complexity theory and Quantum physics, my thinking in this area has been greatly influenced by a research paper published by JASON in November, 2010: "Science of Cyber Security".

The Principles:

• Cyberspace is an artificially constructed environment that is only loosely tied to the physical universe and is not constrained by three dimensional space, therefore there are few apriori constraints on either the attackers or the defenders.
• It is not possible to definitively measure a level of security as it applies to the general operation of information systems (JASON).

The Modalities:

• Uncertainty and randomness favor the adversary, therefore defenders must implement components of randomness and uncertainty as part of a network defense strategy
• Since it isn't possible to anticipate every type of attack, the defender must become a competitor to the adversary and continually attack his own system "in the hopes of finding heretofore undiscovered attacks" before the adversary does.
• Transparency such as commercial anti-virus systems and InfoSec research favors the adversary. Secrecy favors the defender.
• For the adversary, trust is more important than identity. Since the Internet favors anonymity by design, defenders may achieve more success by breaching an adversary's trust loop than identifying who the adversary is.

I intend for this project to evolve into something more tangible in relatively short order but I don't expect it to be well-received. There's a lot of money invested (and being made) in the current flawed model and there's no scientific method that can be applied to the field of cybersecurity to help persuade skeptics. Absent scientific evidence, the best reason for corporate executives, military planners, and government policy makers to force themselves to explore and consider alternate paradigms like this one is the rapidly growing popularity of anarchistic hacker crews like LulzSec who will continue to thrive in the antiquated security environment that we've created up until this point. It's time to not only change the game, but the dimensional universe that the game is played in. Yes, we can do that in cyberspace.

Add to Cart View detail