6 D’s Of Cyberwar

Cybersecurity
Popular Science had a interesting article that spelled out the six D’s of Cyberwar:



On the offensive side, you want to destroy, deny, degrade, disrupt, and deceive.



“Unlike World War II code breaking, cyber attacks offer the potential to not just read the enemy’s radio, but to seize control of the radio itself.”



– Step 1: Infiltrate the enemy’s networks and communications and gather/exfiltrate information.



– Step 2:  Compromise the enemy’s information either by:



1) Corrupting the enemy’s information, planting misinformation, sewing erroneous reports, and causing poor decision-making. 

2) Taking control of their networks, disabling or jamming them, and disrupting their command and control or harming their critical infrastructure and causing mass confusion, destruction, and death.



Examples are “not merely to destroy the enemy’s tanks, but to make them drive in circles–or even attack each other” or to cyber attack an enemies control systems for electricity, dams, transportation, banking, and so on. 

With the ability to steal information, sow misinformation, seize control, or even stop the information flow altogether, cyberwar is not just another weapon in our arsenal, but “a tool to help achieve the goals of any given operation.”



On the flip side, you want to defend against the enemy’s use of cyberspace to hurt us.



We need to continue to get serious about cyberwarfare and cybersecurity and become the masters in the information domain, and quickly. 😉



(Source Photo: Andy Blumenthal)

Under The Beautiful Sea

Under_the_sea

The Defense Advanced Research Project Agency (DARPA) is looking for a place to stash some new military capabilities.

In a DARPA news release (11 January 2013) it states they are looking to support the navy by placing hibernated deep-sea capsules with payloads at under water locations and at the seafloor strategically around the globe–“almost half of the world’s oceans are more than four kilometers deep” providing “cheap stealth”.

The capsules with carry non-lethal payloads for “operational support and situational awareness”–such as command, control, communication, computers, intelligence, surveillance, and reconnaissance (C4ISR). 

Examples of pre-deployed payloads could be unmanned aerial vehicles (UAVs) and probably, unmanned underwater vehicles (UUVs). The release specifically states that this is “not a weapons program,” but you could imagine future evolutions of this.

The initial capabilities sought are for “situational awareness, disruption, deception, networking, rescue, or any mission that benefits from being pre-distributed and hidden.” 

The deep-sea capsules will need to survive under extreme pressure and be able to communicate at vast ocean depths to be remotely awoken and recalled when needed. 

Having capabilities available when and where needed–from the bottom of the sea to forward deployment–potentially mitigating some use of costly and non-stealth land bases.

I think this is an exciting idea especially since China was able to demonstrate its anti-satellite missiles in January 2007 in shooting down its own satellite, and I would think that these new underwater pods being sought may be able to provide some alternatives for sensing and communicating in conflicts where satellites are destroyed or disabled and/or other military muscle in not readily available. 

(Source Photo: here with attribution to Rakel SdPC)

>The Center Of Gravity Is Information

>

Center of Gravity (COG) is a military concept that Dr. Joseph Strange defines as “primary sources of moral or physical strength, power, and resistance.” From a military perspective, this is where we should concentrate when attacking the enemy. As Prussian strategist Carl von Clausewitz states, “that is the point against which all our energies should be directed.”

In “Center of Gravity Analysis” (Military Review, July/August 2004), Army Colonel Dale Eikmeier describes the framework for COG and how an enemy (your threat) attempts to exploit them, as follows:

· Center of Gravity—the organizations that do the work (e.g. the military/industrial complex)

· Critical Capabilities (CC)—the strengths of the organization—its “primary abilities”

· Critical Requirements (CR)—the supplies that a COG use—the inputs that are their opportunities, if leveraged for future plans

· Critical Vulnerabilities (CV)—the vulnerabilities a COG has—e.g. exposed or unguarded critical infrastructure

From an enterprise architecture perspective, I greatly appreciate this analysis of COG as it aligns beautifully with Albert Humphrey’s famous Strenghts, Weaknesses, Opportunities, and Threats (SWOT) Analysis for organizational strategic planning.

Aside from typical SWOT analysis to develop your organization’s strategy, the COG analysis adds greater offensive analysis to SWOT–like the military, organizations using the COG model can disrupt competitors’ advantages by seeking to weaken them where they are most vulnerable.

For example, EA used in this fashion may lead a company to build a sophisticated online sales site that directs customers away from your competitor’s retail location. Similarly, acquiring a major supplier (i.e. vertically integrating) may disrupt a competitors’ supply capability, and so on. The point is that EA becomes a force for attack rather than a mere planning tool or information asset.

It is at this point that I disagree with the assertion in the article that “Information is not power; it is a tool, an enabler. It helps wield military or economic power. By itself, it is simply information.”

Far to the contrary, information is one of the greatest assets that we have. It is the way that an advanced, intellectually based society competes. Of note, our declining performance in Science, Technology, Engineering, and Mathematics (STEM), which is so greatly worrisome to our leadership, is of concern because it is directly a threat to our competitive advantage, both militarily and economically, in the global environment.

Information, as embodied by the Internet, is now the center of our society. With it, we perform critical tasks of information sharing, collaboration and education. Used effectively, our military has developed robust command, control, communications, computers, intelligence, reconnaissance, and surveillance (C4ISR)—all information-based. Similarly, our industry is highly competitive and advanced because of the engineering, innovation, and people behind it.

Enterprise architecture, once a small part of the IT infrastructure, can actually play a far greater role in the information society if we allow it to. We have morphed from the industrial age of the 18th and 19th centuries to a highly advanced information society that creates new sources of critical capability, but also new critical vulnerabilities that must be defended. And we must also leverage the vulnerability of our enemies in order to stay viable. Whether it’s cyber-warfare or economic survival, information is at the heart of everything we are successfully doing today.

>What’s In An IT Acronym

>

In the military and public safety world, information technology is often discussed in broader strategic and operational terms.

For example, in the Coast Guard, it is referred to as C4&IT–Command, Control, Communication, Computers and Information Technology.

In the Department of Defense, they often use the term C4ISR–Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance.

According to GovTech Magazine, some public safety agencies (i.e. law enforcement and firefighting) often use another version of this, namely 4CI–Command, Control, Communications, Computers, and Intelligence.

The article provides some simple straightforward definitions for these (although perhaps skewed for first responders), as follows:

“- Command: The authority and responsibility for effectively using available resources, and for organizing, directing, coordinating and controlling personnel and equipment to fulfill a mission.

Control: The ability to issue orders or directions, with the result that those directions are carried out.

Communications: The most essential element. Communications between responders on the ground and command staff are critical to ensure that both groups have a common operating picture of the situation.

Computers: They process, display and transport information needed by commanders, analysts and responders. Today this increasingly includes mobile devices, such as laptops and smartphones.

Intelligence: The product of the collection, processing, integration, analysis, evaluation and interpretation of all available relevant information.”

While these capabilities are all critical to mission performance, I am not sure why we have all these variations on the same theme, but at least, we all agree on the 4Cs or is it C4?