SlideShare a Scribd company logo

In cyber, the generals should lead from behind - College of Air Warfare - Pukhraj Singh - Dec 2019

P
Pukhraj Singh

Pukhraj Singh's presentation delivered at the College of Air Warfare, Secunderabad, on 17th Dec, 2019.

Technology
1 of 46
Download to read offline
In cyber, the generals should lead from behind College of Air Warfare, Indian Air Force Dec 2019 Pukhraj Singh www.pukhraj.me
Part I What are the principles of cyber conflict?
What’s our MOOSE MUSS for cyberwar? Conventional (US Military) Net-Centric Cyber Mass N/A ??? Objective N/A ??? Offensive Opportunity ??? Security N/A ??? Economy of Force Economy of Force ??? Manoeuvre Dislocation ??? Unity of command N/A ??? Surprise Surprise ??? Simplicity N/A ???
What’s our MOOSE MUSS for cyberwar? Principles of War for the Information Age, Lt Col Robert Leonhard, 1998
Spectrum of cyber conflict Cognitive effects for below-threshold/quasi hot wars: Cyber-enabled information/psychological operations Power projection Political coercion/blackmail Regime instability Narrative wars Separatism & insurgency Data-driven behaviour modelling Shooting wars Sabotaging morale, cohesion & will to fight Societal chaos No such thing as TOTAL CYBER WAR Strategic Cyber Electromagnetic Activities Breaking nuclear deterrence Breaking M.A.D Cyber Commitment Problem
No such thing as Total Cyber War In cyber, the grey zone is the red zone, and the red zone is the grey zone Kinetic, cyber-physical or blow-stuff-up cyber is a MYTH Cyber as a force-multiplier for a hot war has had little success
Cyber war & peace The nature of war hasn’t changed, the nature of peace has. -- Edward Sobiesk, US Army Cyber Institute
Cyber war & peace In the 21st century, we have seen a tendency toward blurring the lines between the states of war and peace. Wars are no longer declared and, having begun, proceed according to an unfamiliar template. -- Valery Gerasimov, Chief of General Staff, Russian Armed Forces
Part II Cyber operations are information operations in disguise
Cyber conflict is truly cognitive Stuxnet • “Not just a cyber effort against Iran’s nuclear capability but the announcement of a team. A rather huge team that has been playing World-Cup level soccer on the cyber battlefield for a decade and a half.” – Dave Aitel, ex- NSA • It had the “whiff of August 1945.” – Gen Michael Hayden, ex-NSA & CIA • “Continues to be misunderstood by many as a straightforward destruction event.” – Joe Slowik, ex-US Navy Sandworm • “Sandworm operations targeting Ukrainian electric infrastructure undermined public confidence in stability/integrity of critical infrastructure and key resources.” -- Joe Slowik, ex-US Navy
Cyber conflict is truly cognitive Rebecca Slayton, Cornell
Cyber conflict is truly cognitive The objective is not kinetic but cognitive effect, the manipulation of information to change thoughts and behaviors. In essence, the strategic goal is to affect morale, cohesion, political stability, and, ultimately, diminish the opponent’s will to resist. -- James Lewis, Centre for Strategic & International Studies
Cyber conflict is truly cognitive “Offensive cyber operations act most directly on intangibles -- information, knowledge, and confidence.” -- Herbert Lin, Stanford
Cyber conflict is truly cognitive Cyber effects are a subset of “full-spectrum information operations.” Full-spectrum information operations capabilities can yield powerful results - including changing the behaviour of an adversary national command authority - without resorting to traditional force-related actions. -- Joe Slowik, ex-US Navy
Shifting from kinetic to cognitive: parameters Also, increasing legal ambiguity
US cyber apparatus Continued export of conventional parameters & principles Very kinetic mentality Fixation with the Law of Armed Conflict-governed, legally-sanctioned effects (5Ds) Slight aversion to info ops due to legal ambiguity Russian cyber apparatus Totally in the cognitive dimension Export of cognitive parameters like “reflexive control;” many decades of experience Subset of full-spectrum info ops under hybrid war Pre-empted the exploitation of legal ambiguity on cyber & info ops to carve new thresholds Dirt cheap Shifting from kinetic to cognitive: parameters
“Offer” as an extremely powerful cyberweapon (e.g. hack-and-leak ops) - Wikileaks - DNC Hack - Panama Papers - Paradise Papers - CNBT Leak - Disabling the Great Firewall - Cyber National Mission Force’s declaratory signalling on VirusTotal Shifting from kinetic to cognitive: parameters
• All cyber operations are information operations in disguise • All cyber operations could be deemed as information operations even after full denouement • Cyber-enabled information operations, too, exploit the cybersecurity triad: confidentiality, integrity & availability -- “Applying Information Security Paradigms to Misinformation Campaigns” by Misinfosec Shifting from kinetic to cognitive: parameters
Jackie Schneider, former US Naval War College She’s mainly talking about cyber-physical ops Shifting from kinetic to cognitive: parameters
• Deterrence • Proportional response • Theatre of operations Actually, every cyber-military parameter could be cognitive
Part III Operational dimensions
Daniel Moore of King’s College London divides cyber operations into two broad categories: Event-based & Presence-based Broad categorisation of cyber operations
Presence-based • Espionage • Reconnaissance • Pre-positioning • Preparing the battlefield Broad categorisation of cyber operations Event-based • Power projection
Presence-based operations prime the battlefield for event-based operations. “At a place & time of choosing…” Broad categorisation of cyber operations
Presence-based operations prime the battlefield for event-based operations. WHY? Broad categorisation of cyber operations
The adversarial environment is perpetually in a state of violent flux: • Basically millions of layers of architectural abstractions & interfaces • Configurations change, users log-out, patches get applied, trust relationships alter & applications get updated Broad categorisation of cyber operations
In cyberspace, a small change in configuration of the target machine, system, or network can often negate the effectiveness of a cyber weapon against it. This is not true with weapons in other physical domains…The nature of target-weapon interaction with kinetic weapons can usually be estimated on the basis of physics experimentation and calculation. Not so with cyber weapons. For offensive cyber operations, this extreme “target dependence” means that intelligence information on target characteristics must be precise, high-volume, high-quality, current, and available at the time of the weapon’s use. -- Chris Inglis, former Deputy Director, NSA Cyber-ISR frameworks: Extreme target dependence
Inglis argues that fielding “ubiquitous, real-time and persistent” intelligence, surveillance and reconnaissance (ISR) frameworks is crucial for mustering the ability to produce cyber effects at a place and time of choosing. Cyber-ISR frameworks: Extreme target dependence
This is your offensive toolchain Only 20% of it actually manifests over adversarial infrastructure An exploit could be just this
You need a lot of people to have a small number of hackers hacking. -- Grugq
• Nation-state (internal) • Nation-state (blended) • Nation-state (external) • Mercenary configurations (criminal) • Mercenary configurations (hacktivist) • Mercenary configurations (private sector) • Mercenary configurations (former/parallel) -- “Draw me like one of your French APTs – expanding our descriptive palette for cyber threat actors,” Juan Andres Guerrero-Saade Offensive toolchains: organisational structures
Would you ever outsource a surgical strike to a private mercenary, because that’s what we are doing. Offensive toolchains: organisational structures
Jointness is a software mechanism
Successful strategies must proceed from the premise that cyberspace is continuously contested territory in which we can control memory and operating capabilities some of the time but cannot be assured of complete control all of the time or even of any control at any particular time. -- Surviving on a Diet of Poisoned Fruit, Richard Danzig Defend Forward as a forward-operated counterinsurgency
• Highly attritive • Necessitates persistent engagement • Will remain fully extrajudicial Defend Forward as a forward-operated counterinsurgency
LOAC doesn’t work in cyberspace • Rear Admiral Mohit Gupta’s assertion is misplaced • Cyber doctrines are assiduously divorcing themselves from the impracticality & dogma of law of armed conflict • Cyber effects are too cascading & cognitive to ever be accounted for like munitions • The generals should be leading from behind
LOAC doesn’t work in cyberspace Augustine and Aquinas (and Mahabharat) had a stunningly long run…today’s world, based as it is on digital information and increasingly intelligent information-processing, points the way to a beast so big and so radically different, that the core of this duo’s insights needs to be radically extended. -- Selmer Bringsjord, Rensselaer Polytechnic Institute
LOAC doesn’t work in cyberspace Paul Ney, the General Counsel of the U.S. Department of Defence: He talked about cyberspace, postulating a “common understanding” that international law principles apply, coupled with much disagreement about details, including the presumptive validity of “territorial analogies and precedents.” At the same time, he stressed the need for law to be cognizant of the U.S. cyber-strategy to “defend forward,” which did not necessarily line up neatly to “international territorial boundary lines.
Part III Cognitive cyber offence
This multidimensional space [of data-driven behavioural modelling] is the battlefield… this abstract space of ideas. Adversaries are now able to visualise at that level. -- Dr David Perlman, applied physics from Caltech, electrical engineering at the University of Washington & cognitive sciences doctorate at University of Wisconsin-Madison Battlespace as an abstract space of ideas
Commanding change Controlling agendas Setting preferences Joe Nye’s three faces of power
Cognitive attack surfaces
Door in the face: The Overton Window
Wg Cdr Keith Dear • RAF Intelligence Officer: Innovation lead in the UK’s Joint Warfare directorate & Air Staff’s Fellow, Research Fellow at Oxford’s Changing Character of War Programme • Warfare is fundamentally persuasive. So, it has a psychological/cognitive premise. Psychology must play a much greater role in your operational, tactical & strategic planning • Humans really are “biochemical algorithms, reducible to input-output mechanisms” • Kahneman-Tversky showed that we make probabilistic, predictable, replicable errors which’re exploitable (wow!)
Wg Cdr Keith Dear • By 2020, data brokers would’ve 5200 GB of data/person. Imagine the role of intel officers • Netflix’s recommendation is quite akin to the military perspective of “reinforcing success.” PW Singer calls it weaponised experimentation • Bank of England replaces public opinion surveys with Spotify data (you can depress an adversary, too) • Shared stage with Dominic Cummings, key orchestrator of Brexit. Cummings at a behavioural science conference: “I didn’t employ anyone like you. I employed physicists & mathematicians for micro-targeting” • 1. Our social structures remain same throughout life (people change). That’s how you target Putin. 2. Most of our decisions are pre-ordained. 3. Germans, by creating the staff system, modelled Napoleon out of every soldier (humans = algorithms)
Thanks www.pukhraj.me @RungRage

Recommended

Understanding the 'physics' of cyber-operations - Pukhraj Singh
Understanding the 'physics' of cyber-operations - Pukhraj SinghUnderstanding the 'physics' of cyber-operations - Pukhraj Singh
Understanding the 'physics' of cyber-operations - Pukhraj SinghPukhraj Singh
 
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018Pukhraj Singh
 
Synergy in Joint Cyber Operations - Indian National Defence University & HQ I...
Synergy in Joint Cyber Operations - Indian National Defence University & HQ I...Synergy in Joint Cyber Operations - Indian National Defence University & HQ I...
Synergy in Joint Cyber Operations - Indian National Defence University & HQ I...Pukhraj Singh
 
Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa
Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South AfricaPukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa
Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South AfricaPukhraj Singh
 
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)Pukhraj Singh
 
Cyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality CheckCyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality CheckJarno Limnéll
 
Cyberwarfare and Aggressiveness in Cyberspace
Cyberwarfare and Aggressiveness in CyberspaceCyberwarfare and Aggressiveness in Cyberspace
Cyberwarfare and Aggressiveness in CyberspaceJarno Limnéll
 
Cyber Ethics: TechNet Augusta 2015
Cyber Ethics: TechNet Augusta 2015Cyber Ethics: TechNet Augusta 2015
Cyber Ethics: TechNet Augusta 2015AFCEA International
 

Recommended

Understanding the 'physics' of cyber-operations - Pukhraj Singh
Understanding the 'physics' of cyber-operations - Pukhraj SinghUnderstanding the 'physics' of cyber-operations - Pukhraj Singh
Understanding the 'physics' of cyber-operations - Pukhraj SinghPukhraj Singh
 
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018
The death of enterprise security as we know it - Pukhraj Singh - RootConf 2018Pukhraj Singh
 
Synergy in Joint Cyber Operations - Indian National Defence University & HQ I...
Synergy in Joint Cyber Operations - Indian National Defence University & HQ I...Synergy in Joint Cyber Operations - Indian National Defence University & HQ I...
Synergy in Joint Cyber Operations - Indian National Defence University & HQ I...Pukhraj Singh
 
Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa
Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South AfricaPukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa
Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South AfricaPukhraj Singh
 
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)Pukhraj Singh
 
Cyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality CheckCyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality CheckJarno Limnéll
 
Cyberwarfare and Aggressiveness in Cyberspace
Cyberwarfare and Aggressiveness in CyberspaceCyberwarfare and Aggressiveness in Cyberspace
Cyberwarfare and Aggressiveness in CyberspaceJarno Limnéll
 
Cyber Ethics: TechNet Augusta 2015
Cyber Ethics: TechNet Augusta 2015Cyber Ethics: TechNet Augusta 2015
Cyber Ethics: TechNet Augusta 2015AFCEA International
 
Cyberwarfare
CyberwarfareCyberwarfare
CyberwarfareSpace Defense Newsletter
 
Crim cybersecurity_jarno_limnéll
Crim cybersecurity_jarno_limnéllCrim cybersecurity_jarno_limnéll
Crim cybersecurity_jarno_limnéllJarno Limnéll
 
Are we ready for Cyberwarfare
Are we ready for CyberwarfareAre we ready for Cyberwarfare
Are we ready for CyberwarfareAurin Sheikh
 
Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...AFCEA International
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfareshifahirani
 
Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286Udaysharma3
 
Cyberwar and Geopolitics
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopoliticstnwac
 
About cyber war
About cyber warAbout cyber war
About cyber wareugenvaleriu
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copySara-Jayne Terp
 
Cyber war or business as usual
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usualEnclaveSecurity
 
Is the us engaged in a cyber war
Is the us engaged in a cyber warIs the us engaged in a cyber war
Is the us engaged in a cyber warDavid Willson, Attorney, CISSP, Security +
 
Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityDominic Karunesudas
 
Why_TG
Why_TGWhy_TG
Why_TGTOP GUN
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosCommonwealth Telecommunications Organisation
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)BeyondTrust
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsLove Steven
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseWilliam McBorrough
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO CompliancePECB
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesNora A. Rahim
 
USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinAFCEA International
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect usLuis Borges Gouveia
 

More Related Content

What's hot

Crim cybersecurity_jarno_limnéll
Crim cybersecurity_jarno_limnéllCrim cybersecurity_jarno_limnéll
Crim cybersecurity_jarno_limnéllJarno Limnéll
 
Are we ready for Cyberwarfare
Are we ready for CyberwarfareAre we ready for Cyberwarfare
Are we ready for CyberwarfareAurin Sheikh
 
Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...AFCEA International
 
Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286Udaysharma3
 
Cyberwar and Geopolitics
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopoliticstnwac
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copySara-Jayne Terp
 
Cyber war or business as usual
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usualEnclaveSecurity
 
Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityDominic Karunesudas
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)BeyondTrust
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsLove Steven
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseWilliam McBorrough
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO CompliancePECB
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesNora A. Rahim
 

What's hot (20)

Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
 
Crim cybersecurity_jarno_limnéll
Crim cybersecurity_jarno_limnéllCrim cybersecurity_jarno_limnéll
Crim cybersecurity_jarno_limnéll
 
Are we ready for Cyberwarfare
Are we ready for CyberwarfareAre we ready for Cyberwarfare
Are we ready for Cyberwarfare
 
Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
 
Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286
 
Cyberwar and Geopolitics
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopolitics
 
About cyber war
About cyber warAbout cyber war
About cyber war
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy
 
Cyber war or business as usual
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usual
 
Is the us engaged in a cyber war
Is the us engaged in a cyber warIs the us engaged in a cyber war
Is the us engaged in a cyber war
 
Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber Security
 
Why_TG
Why_TGWhy_TG
Why_TG
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj Yunos
 
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
Why Federal Systems are Immune from Ransomware...& other Grim Fairy Tales)
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectors
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law Please
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO Compliance
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence Agencies
 

Similar to In cyber, the generals should lead from behind - College of Air Warfare - Pukhraj Singh - Dec 2019

USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinAFCEA International
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect usLuis Borges Gouveia
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
The rise of cyberpower
The rise of cyberpowerThe rise of cyberpower
The rise of cyberpowerNoelle Cowling
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas mariaidga
 
Models of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictModels of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictZsolt Nemeth
 
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...CODE BLUE
 
Cyber power affects war outcomes in modern era
Cyber power affects war outcomes in modern eraCyber power affects war outcomes in modern era
Cyber power affects war outcomes in modern eraBhadra Thakuri
 
Cyber Operations in Smart Megacities: TechNet Augusta 2015
Cyber Operations in Smart Megacities: TechNet Augusta 2015Cyber Operations in Smart Megacities: TechNet Augusta 2015
Cyber Operations in Smart Megacities: TechNet Augusta 2015AFCEA International
 
RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARTalwant Singh
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreJamie Moore
 
Cyber Military Education in an Era of Change
Cyber Military Education in an Era of ChangeCyber Military Education in an Era of Change
Cyber Military Education in an Era of ChangeDr. Lydia Kostopoulos
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsBooz Allen Hamilton
 
Cyberwar threat to national security
Cyberwar threat to national securityCyberwar threat to national security
Cyberwar threat to national securityTalwant Singh
 
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...Boston Global Forum
 
Dondi West Defcon 18 Slides
Dondi West Defcon 18 SlidesDondi West Defcon 18 Slides
Dondi West Defcon 18 Slidesdondiw
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
 

Similar to In cyber, the generals should lead from behind - College of Air Warfare - Pukhraj Singh - Dec 2019 (20)

USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert Lin
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect us
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of view
 
Cyber Influence Operations
Cyber Influence OperationsCyber Influence Operations
Cyber Influence Operations
 
The rise of cyberpower
The rise of cyberpowerThe rise of cyberpower
The rise of cyberpower
 
Honeypots in Cyberwar
Honeypots in CyberwarHoneypots in Cyberwar
Honeypots in Cyberwar
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas
 
Models of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictModels of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber Conflict
 
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
[CB19] Keynote:Hacking the Bomb - Cyber Threats and Nuclear Weapons by Andrew...
 
Cyber power affects war outcomes in modern era
Cyber power affects war outcomes in modern eraCyber power affects war outcomes in modern era
Cyber power affects war outcomes in modern era
 
Cyber War
Cyber WarCyber War
Cyber War
 
Cyber Operations in Smart Megacities: TechNet Augusta 2015
Cyber Operations in Smart Megacities: TechNet Augusta 2015Cyber Operations in Smart Megacities: TechNet Augusta 2015
Cyber Operations in Smart Megacities: TechNet Augusta 2015
 
RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWAR
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
 
Cyber Military Education in an Era of Change
Cyber Military Education in an Era of ChangeCyber Military Education in an Era of Change
Cyber Military Education in an Era of Change
 
Cyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber AnalystsCyber Training: Developing the Next Generation of Cyber Analysts
Cyber Training: Developing the Next Generation of Cyber Analysts
 
Cyberwar threat to national security
Cyberwar threat to national securityCyberwar threat to national security
Cyberwar threat to national security
 
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...
 
Dondi West Defcon 18 Slides
Dondi West Defcon 18 SlidesDondi West Defcon 18 Slides
Dondi West Defcon 18 Slides
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
 

Recently uploaded

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

In cyber, the generals should lead from behind - College of Air Warfare - Pukhraj Singh - Dec 2019

  • 1. In cyber, the generals should lead from behind College of Air Warfare, Indian Air Force Dec 2019 Pukhraj Singh www.pukhraj.me
  • 2. Part I What are the principles of cyber conflict?
  • 3. What’s our MOOSE MUSS for cyberwar? Conventional (US Military) Net-Centric Cyber Mass N/A ??? Objective N/A ??? Offensive Opportunity ??? Security N/A ??? Economy of Force Economy of Force ??? Manoeuvre Dislocation ??? Unity of command N/A ??? Surprise Surprise ??? Simplicity N/A ???
  • 4. What’s our MOOSE MUSS for cyberwar? Principles of War for the Information Age, Lt Col Robert Leonhard, 1998
  • 5. Spectrum of cyber conflict Cognitive effects for below-threshold/quasi hot wars: Cyber-enabled information/psychological operations Power projection Political coercion/blackmail Regime instability Narrative wars Separatism & insurgency Data-driven behaviour modelling Shooting wars Sabotaging morale, cohesion & will to fight Societal chaos No such thing as TOTAL CYBER WAR Strategic Cyber Electromagnetic Activities Breaking nuclear deterrence Breaking M.A.D Cyber Commitment Problem
  • 6. No such thing as Total Cyber War In cyber, the grey zone is the red zone, and the red zone is the grey zone Kinetic, cyber-physical or blow-stuff-up cyber is a MYTH Cyber as a force-multiplier for a hot war has had little success
  • 7. Cyber war & peace The nature of war hasn’t changed, the nature of peace has. -- Edward Sobiesk, US Army Cyber Institute
  • 8. Cyber war & peace In the 21st century, we have seen a tendency toward blurring the lines between the states of war and peace. Wars are no longer declared and, having begun, proceed according to an unfamiliar template. -- Valery Gerasimov, Chief of General Staff, Russian Armed Forces
  • 9. Part II Cyber operations are information operations in disguise
  • 10. Cyber conflict is truly cognitive Stuxnet • “Not just a cyber effort against Iran’s nuclear capability but the announcement of a team. A rather huge team that has been playing World-Cup level soccer on the cyber battlefield for a decade and a half.” – Dave Aitel, ex- NSA • It had the “whiff of August 1945.” – Gen Michael Hayden, ex-NSA & CIA • “Continues to be misunderstood by many as a straightforward destruction event.” – Joe Slowik, ex-US Navy Sandworm • “Sandworm operations targeting Ukrainian electric infrastructure undermined public confidence in stability/integrity of critical infrastructure and key resources.” -- Joe Slowik, ex-US Navy
  • 11. Cyber conflict is truly cognitive Rebecca Slayton, Cornell
  • 12. Cyber conflict is truly cognitive The objective is not kinetic but cognitive effect, the manipulation of information to change thoughts and behaviors. In essence, the strategic goal is to affect morale, cohesion, political stability, and, ultimately, diminish the opponent’s will to resist. -- James Lewis, Centre for Strategic & International Studies
  • 13. Cyber conflict is truly cognitive “Offensive cyber operations act most directly on intangibles -- information, knowledge, and confidence.” -- Herbert Lin, Stanford
  • 14. Cyber conflict is truly cognitive Cyber effects are a subset of “full-spectrum information operations.” Full-spectrum information operations capabilities can yield powerful results - including changing the behaviour of an adversary national command authority - without resorting to traditional force-related actions. -- Joe Slowik, ex-US Navy
  • 15. Shifting from kinetic to cognitive: parameters Also, increasing legal ambiguity
  • 16. US cyber apparatus Continued export of conventional parameters & principles Very kinetic mentality Fixation with the Law of Armed Conflict-governed, legally-sanctioned effects (5Ds) Slight aversion to info ops due to legal ambiguity Russian cyber apparatus Totally in the cognitive dimension Export of cognitive parameters like “reflexive control;” many decades of experience Subset of full-spectrum info ops under hybrid war Pre-empted the exploitation of legal ambiguity on cyber & info ops to carve new thresholds Dirt cheap Shifting from kinetic to cognitive: parameters
  • 17. “Offer” as an extremely powerful cyberweapon (e.g. hack-and-leak ops) - Wikileaks - DNC Hack - Panama Papers - Paradise Papers - CNBT Leak - Disabling the Great Firewall - Cyber National Mission Force’s declaratory signalling on VirusTotal Shifting from kinetic to cognitive: parameters
  • 18. • All cyber operations are information operations in disguise • All cyber operations could be deemed as information operations even after full denouement • Cyber-enabled information operations, too, exploit the cybersecurity triad: confidentiality, integrity & availability -- “Applying Information Security Paradigms to Misinformation Campaigns” by Misinfosec Shifting from kinetic to cognitive: parameters
  • 19. Jackie Schneider, former US Naval War College She’s mainly talking about cyber-physical ops Shifting from kinetic to cognitive: parameters
  • 20. • Deterrence • Proportional response • Theatre of operations Actually, every cyber-military parameter could be cognitive
  • 22. Daniel Moore of King’s College London divides cyber operations into two broad categories: Event-based & Presence-based Broad categorisation of cyber operations
  • 23. Presence-based • Espionage • Reconnaissance • Pre-positioning • Preparing the battlefield Broad categorisation of cyber operations Event-based • Power projection
  • 24. Presence-based operations prime the battlefield for event-based operations. “At a place & time of choosing…” Broad categorisation of cyber operations
  • 25. Presence-based operations prime the battlefield for event-based operations. WHY? Broad categorisation of cyber operations
  • 26. The adversarial environment is perpetually in a state of violent flux: • Basically millions of layers of architectural abstractions & interfaces • Configurations change, users log-out, patches get applied, trust relationships alter & applications get updated Broad categorisation of cyber operations
  • 27. In cyberspace, a small change in configuration of the target machine, system, or network can often negate the effectiveness of a cyber weapon against it. This is not true with weapons in other physical domains…The nature of target-weapon interaction with kinetic weapons can usually be estimated on the basis of physics experimentation and calculation. Not so with cyber weapons. For offensive cyber operations, this extreme “target dependence” means that intelligence information on target characteristics must be precise, high-volume, high-quality, current, and available at the time of the weapon’s use. -- Chris Inglis, former Deputy Director, NSA Cyber-ISR frameworks: Extreme target dependence
  • 28. Inglis argues that fielding “ubiquitous, real-time and persistent” intelligence, surveillance and reconnaissance (ISR) frameworks is crucial for mustering the ability to produce cyber effects at a place and time of choosing. Cyber-ISR frameworks: Extreme target dependence
  • 29. This is your offensive toolchain Only 20% of it actually manifests over adversarial infrastructure An exploit could be just this
  • 30. You need a lot of people to have a small number of hackers hacking. -- Grugq
  • 31. • Nation-state (internal) • Nation-state (blended) • Nation-state (external) • Mercenary configurations (criminal) • Mercenary configurations (hacktivist) • Mercenary configurations (private sector) • Mercenary configurations (former/parallel) -- “Draw me like one of your French APTs – expanding our descriptive palette for cyber threat actors,” Juan Andres Guerrero-Saade Offensive toolchains: organisational structures
  • 32. Would you ever outsource a surgical strike to a private mercenary, because that’s what we are doing. Offensive toolchains: organisational structures
  • 33. Jointness is a software mechanism
  • 34. Successful strategies must proceed from the premise that cyberspace is continuously contested territory in which we can control memory and operating capabilities some of the time but cannot be assured of complete control all of the time or even of any control at any particular time. -- Surviving on a Diet of Poisoned Fruit, Richard Danzig Defend Forward as a forward-operated counterinsurgency
  • 35. • Highly attritive • Necessitates persistent engagement • Will remain fully extrajudicial Defend Forward as a forward-operated counterinsurgency
  • 36. LOAC doesn’t work in cyberspace • Rear Admiral Mohit Gupta’s assertion is misplaced • Cyber doctrines are assiduously divorcing themselves from the impracticality & dogma of law of armed conflict • Cyber effects are too cascading & cognitive to ever be accounted for like munitions • The generals should be leading from behind
  • 37. LOAC doesn’t work in cyberspace Augustine and Aquinas (and Mahabharat) had a stunningly long run…today’s world, based as it is on digital information and increasingly intelligent information-processing, points the way to a beast so big and so radically different, that the core of this duo’s insights needs to be radically extended. -- Selmer Bringsjord, Rensselaer Polytechnic Institute
  • 38. LOAC doesn’t work in cyberspace Paul Ney, the General Counsel of the U.S. Department of Defence: He talked about cyberspace, postulating a “common understanding” that international law principles apply, coupled with much disagreement about details, including the presumptive validity of “territorial analogies and precedents.” At the same time, he stressed the need for law to be cognizant of the U.S. cyber-strategy to “defend forward,” which did not necessarily line up neatly to “international territorial boundary lines.
  • 40. This multidimensional space [of data-driven behavioural modelling] is the battlefield… this abstract space of ideas. Adversaries are now able to visualise at that level. -- Dr David Perlman, applied physics from Caltech, electrical engineering at the University of Washington & cognitive sciences doctorate at University of Wisconsin-Madison Battlespace as an abstract space of ideas
  • 41. Commanding change Controlling agendas Setting preferences Joe Nye’s three faces of power
  • 43. Door in the face: The Overton Window
  • 44. Wg Cdr Keith Dear • RAF Intelligence Officer: Innovation lead in the UK’s Joint Warfare directorate & Air Staff’s Fellow, Research Fellow at Oxford’s Changing Character of War Programme • Warfare is fundamentally persuasive. So, it has a psychological/cognitive premise. Psychology must play a much greater role in your operational, tactical & strategic planning • Humans really are “biochemical algorithms, reducible to input-output mechanisms” • Kahneman-Tversky showed that we make probabilistic, predictable, replicable errors which’re exploitable (wow!)
  • 45. Wg Cdr Keith Dear • By 2020, data brokers would’ve 5200 GB of data/person. Imagine the role of intel officers • Netflix’s recommendation is quite akin to the military perspective of “reinforcing success.” PW Singer calls it weaponised experimentation • Bank of England replaces public opinion surveys with Spotify data (you can depress an adversary, too) • Shared stage with Dominic Cummings, key orchestrator of Brexit. Cummings at a behavioural science conference: “I didn’t employ anyone like you. I employed physicists & mathematicians for micro-targeting” • 1. Our social structures remain same throughout life (people change). That’s how you target Putin. 2. Most of our decisions are pre-ordained. 3. Germans, by creating the staff system, modelled Napoleon out of every soldier (humans = algorithms)