The Art of Cyber War and Cyber Battle - Series Introduction
This series will revolve around comparing and contrasting Traditional War to Cyber War
The opening wave
For thousands of years humans have been fighting each other across the earth for various reasons. From political, to monetary, to religious reasons, humans somehow find another reason for conflict, and the methods of conflict have evolved over the last few hundred years and even more so over the last 75 years. Once we had armies of thousands of troops with swords and shields meeting face to face; then tanks and armored vehicles ruled the day; then armadas of aircraft decimated hardened defensive lines. With the rise of worldwide telecommunications, the computer, and the internet, a new battlefield has emerged, known as the Cyber Domain. This new form of conflict within the cyber world has many differences from, and similarities to, traditional physical warfare.
In my opinion the internet is the new battlefield, where classical borders don't exist, civilians are everywhere - constantly caught in the crossfire, and mobility is instantaneous. No longer is maneuvering done on mountains and plateaus over days but on internet service provider (ISP) circuits and through autonomous systems within seconds. Bullets are now packets, and threat actors are everywhere, with the ability to change their identity at a moment's notice. Asymmetrical unconventional warfare and conventional pitched battles have been replaced by hacktivism, advanced persistent threats, and massive Distributed Denial of Service (DDoS) attacks respectively.
What I'd like to do is compare and contrast the traditional style of battle with the new Cyber battle. Sometimes I'll be using the "Art of War" as a guideline for some of the strategic philosophy. (If you haven't read "The Art of War" by Sun Tzu and you are a strategy enthusiast or student of military history, then you need to go and order that book now!) We will also cover technical 'cyber' aspects of attack and defense that most IT professionals would be familiar with while adding associations to traditional warfare.
What types of questions do we ask?
Continuing, is data the new food that feeds this army? We've heard of data-driven decision making, but what tools will the future hold for strategic movement online? How can we compare a data breach to a victory of the past? For example, Sun Tzu wrote "Therefore a wise general strives to feed off the enemy. Each pound of food taken from the enemy is equivalent to twenty pounds you provide by yourself." How can we translate feeding off the enemy into cyber warfare? Because information is king, we will need to unpack questions like these to identify what a victory can actually look like at a large scale.
In the traditional enterprise topology, where the firewall represents the castle and the internal LANs represent the town within the castle, are phishing e-mails the cyber equivalent of the trebuchet delivering plague-filled crypto lockers? Or take the example of holding and crossing rivers on bridges. Traditionally one army would hold the bridge and attack or move across by itself. But if you think of how the internet works, opposing forces' attack traffic could be passing each other back and forth on the same transport circuit. Therefore one could argue there are similarities but also extensive differences in the way one must think of Cyber Warfare and Cyber Defense.
Historically, as new forms of battle or technology arise, they tend to boost the mainline dogma that's currently in place. We saw this with the tanks of World War 1 being used to augment the infantry formations, where infantry was the mainline thought of the time. This held until strategies like Blitzkrieg arrived, in which the tank was the main tool used in the formation, demonstrated to be effective some 25 years later in World War 2. We see this mainline dogma now, with most conversations involving cyber treating it as a boost to the physical form of battle through things like information disruption or disinformation actions.
Keeping with Blitzkrieg, when General Guderian's forces were able to break through at Sedan, France in 1940 and consequently drive north to encircle the Allied divisions, in retrospect this was seen as a decisive win for that form of theory. So how can we also compare something like the Equifax data breach to a theory win for a type of cyber warfare strategy?
To conclude this introduction, I'd like to delve deeper in future posts to unpack questions like the ones mentioned above and attempt to bridge the gap between physical and cyber, comparing and contrasting them with current and historical lessons. Moreover, I want us to discuss the digital-only conflict and perhaps coin a new term, "cyber battle".