Saturday, September 2, 2017

Video killed the radio-star

P. W. Singer and Allan Friedman: Cybersecurity and cyberwar: what everyone needs to know

A great primer in question-answer format. Highly informative for somebody like me who knew next to nothing about cyberspace and its implications for international security. 




How it all works
The first part of the book provides an understanding of the basic elements of cyber-security. Singer and Friedman define cyberspace as the realm of computer networks in which information is stored, shared and communicated. The authors offer short explanations of the internet's history, how it works and how it is being governed.

The internet. The feature of the internet which made it a "revolutionary" communication technology was that it is "packet"- rather than circuit-switched. While communication technologies based on circuit switching simply send all the data comprising a message at once, packet switching means that data flows are broken down into individual components (the so-called packets). The packets then bounce through the internet in a decentralized manner before being re-assembled at the message's designated end point. In this way, bandwidth can be saved, as individual messages no longer require a dedicated circuit. In the decades since the first advent of the internet in the late 1960s, a variety of further technological breakthroughs shaped the internet as we know it today. Common transmission protocols (Internet Protocol, abbreviated as IP) made it possible to link different networks; e-mail enabled person-to-person communication; modems made it possible to use phone lines to communicate with other computers; and the hypertext transfer protocol (HTTP) allowed for the presentation of information linked in different computer documents.

Based on this technological survey, Singer and Friedman offer an accessible overview of how the internet actually works. At a very basic level, the internet is all about getting information from a website hosted by one computer to the computer from which a user queried the information in question. This means first of all that the location of the information a user desires must be found. Here, IP numbers come into play. IP numbers designate specific websites; each IP number is, through the domain name system (DNS), linked to a website with a given name. Moreover, the requested information must not only be found, but also needs to get from one computer to another. This process functions via three different layers. In the so-called application layer, the user sends a command in HTTP asking for certain content. The transport layer then breaks down this information request into different packets. Finally, the network layer moves those packets through the internet, before the aforementioned transport layer reassembles them again. As for the question of how packets get across the internet, Singer and Friedman explain that the internet should be seen as a series of autonomous systems, run by different internet service providers. Each of those internet service providers hosts a number of IP addresses. Finding an IP address which contains the desired information thus means finding the relevant autonomous system. In a kind of trial and error process, various internet service providers reroute packets closer and closer to the system which contains the intended IP address.

Internet governance. The first part of the book also offers interesting insights into the internet's governance structure. Notably, states currently do not play a major role in this governance structure. To give an example, the organization responsible for the distribution of IP addresses, the Internet Corporation for Assigned Names and Numbers (ICANN), is registered in California as a non-profit organization. ICANN hosts a variety of advisory committees, including committees representing national governments, but also internet service providers.

Defining cyber security. Singer and Friedman define cyber security as encompassing the four dimensions of confidentiality, integrity, availability and resilience. Confidentiality refers to the privacy of data on a system. Integrity means that users can trust that their data and systems have not been improperly altered. The authors give the Stuxnet virus as an example of an integrity attack par excellence. The virus altered the way Iranian centrifuges meant to enrich uranium were working without the Iranian engineers becoming aware in the first place. Availability refers to the ability to use systems and data as expected. Finally, resilience designates the ability to avoid critical failure in the face of security threats.

Cyber threats. Singer and Friedman also provide an overview of different cyber threats. First, a variety of threats fall under the category of social engineering, which targets human users. Internet users are manipulated into revealing confidential information to cyber attackers. Phishing e-mails, for instance, look like e-mails received from an official and trusted source, but attempt to lure the recipient into actions in support of the attacker, such as providing their login credentials. Advanced persistent threats are probably the most advanced form of a "socially engineered" cyber threat. They bring together teams of specialists, who do systematic surveillance of a target, before intruding into a computer system and attempting to exfiltrate as much data as possible.
A second type of attack does not aim at the (human) user, but rather exploits software vulnerabilities. What is commonly known as malware, for instance, is nothing other than a pre-packaged exploitation of a software vulnerability. A new generation of malware aims to take control of whole networks of computers, creating what has become known as "botnets". Botnets, in turn, can be used in Distributed Denial of Service attacks, the type of attack Estonian state websites witnessed in the 2000s. These kinds of attacks target, for instance, web servers, with the goal of overwhelming them with the sheer amount of incoming requests.

Computer defense. The first part of the book also discusses different types of computer defense. Anti-virus programs usually consist of pre-packed solutions to malware whose traits have already been analyzed. Firewalls attempt to create a barrier between the different parts of a computer system, attempting to shield off the more sensitive areas. Intrusion detection systems aim to detect anomalous behavior associated with a cyber-attack. Finally, so-called "air gaps" designate the physical separation between a network and critical systems.

Why it matters?
In the second part of the book, Singer and Friedman discuss the strategic implications of the emergence of a cyber realm in international relations.
Nature of cyber-attacks. The defining difference between cyber and other types of attack is that they are digital in both means and targets. As argued by Singer and Friedman, this explains the other fundamental differences between cyber and other means of attack: cyber attacks are, for instance, harder to attribute, their effects are harder to predict, and costs are more related to research and development than to the components of the actual weapon. The attribution problem in particular distinguishes cyber warfare from other types of attacks. Malware can take control of other users' computers. 25% of computers used in a Russian-sourced attack in Estonia in 2007 were, for instance, based in the United States. Another dimension of the attribution problem relates to so-called "patriotic hackers", non-state groups employed by states to conduct cyber attacks on their behalf. The book provides an interesting discussion of the advantages and disadvantages patriotic hackers pose for the authoritarian states using them: while patriotic hackers allow those states to deny responsibility, governments such as the Russian or Chinese ones also have less control over them than they desire.

Range of cyber attacks. The book's second part also aims to introduce the reader to the issues of cyber crime (does it have the scale necessary to seriously threaten systems such as online banking?), cyber espionage (currently controversial due to the theft of intellectual property by Chinese hackers), and cyber-terrorism (with attacks too difficult to pull off on a larger scale, but terrorist groups exploiting cyberspace for networking and transferring knowledge).

Legal dimensions of cyber attacks. In their discussion of the ethical and legal dimensions of cyber warfare, Singer and Friedman point out that, like other forms of warfare, cyber war must follow the principles of proportionality and discrimination. Also, in order to count as an act of war, a cyber attack must have had effects which go beyond mere temporary disruption, and there must be a direct and measurable link between the cyber attack and those effects.

Military uses of cyber. Singer and Friedman elaborate on the various tactical uses cyber means may have in an armed confrontation: they may support the intelligence preparation of the battlefield; disrupt the opponent's command, control and communication networks; take control of the opponent's unmanned systems; target the computer systems running the enemy's military hardware such as ships or tanks; or deliberately target civilians.

Strategic implications of cyber. Cyber arms are a new and potentially disruptive weapons technology and will likely have strategic implications. Central issues surrounding deterrence in cyberspace are the difficulty of attributing a cyber-attack to an originator and the issue of which level of force is appropriate to counter a cyber-attack. The attribution problem also makes signaling, a central component of the deterrence game, difficult. While stealthy and non-attributable cyber weapons are usually better for targeting an enemy's computer systems, their concealed nature also makes signaling one's own strength or resolve difficult.
A currently often discussed question is whether the growing importance of the cyber realm will reverse the current balance of power in world politics. The answer depends on whether the availability of the cyber realm as an additional realm of confrontation will strengthen weaker actors and whether it will favor offensive or defensive action. 
On one hand, barriers to entry for cyber weapons are low and major powers such as the United States are strongly reliant on computer systems. These factors should strengthen weaker and non-state actors in disputes. On the other hand, sophisticated cyber-attacks, especially when they aim to have actual physical effects beyond the information sphere, require significant economic and human resources which minor powers and non-state actors usually do not possess.
Singer and Friedman paint a similarly nuanced picture of the offense-defense balance in cyberspace. They dispute the argument that the offense dominates in the cyber domain because the exponential growth of information systems makes defending them increasingly difficult. Truly sophisticated cyber-attacks require a great deal of expertise and planning, making a disarming offensive first strike less likely than is commonly assumed. Moreover, the actual effects of a cyber-attack on a target remain hard to predict. Finally, a defender fearing a loss in the cyber domain has the option to escalate elsewhere, such as through diplomatic counter-measures.
Singer and Friedman also discuss issues of cyber proliferation and arms races. After their use, the technology behind cyber weapons such as Stuxnet becomes publicly available, likely inspiring similar attacks. Drawing upon experiences from the Cold War era, Singer and Friedman also argue that cyber arms races are unlikely to result in security gains for any of the actors involved.

What can we do?
In the final part of the book, Singer and Friedman lay out various avenues to improve cyber security.
Cyber resilience. Singer and Friedman point to the importance of resilience, understood as organizations and systems which maintain functionality and control while under attack. The authors argue that there are three dimensions to this concept: computer systems must be able to work under degraded conditions; they must recover quickly; and they must learn lessons to deal with future threats. 

An international cyber regime. Friedman and Singer draw upon analogies to illustrate how an international cyber regime could develop. Specifically, they compare today's efforts to ensure internet security to the creation of the International Telegraph Union in the late 19th century and the historic fight against piracy. The high seas of the early modern age shared a variety of features with today's internet: nobody was capable of claiming complete control, and state actors, state-sanctioned non-state actors, and private actors were all present. Moreover, while the sea was and the cyber realm is overwhelmingly used for communication and commerce, both were or are also home to various nefarious and criminal activities. The global anti-piracy effort, as depicted by Singer and Friedman, largely relied on two lines of effort: attacking the markets and safe havens, such as pirate-friendly islands in the Caribbean, which made piracy a profitable business, and gradually building up a network of international treaties and norms directed against piracy.
One (promising) approach to developing an international regime against piracy, discussed by Singer and Friedman, is the so-called grafting strategy. The term, developed by political scientist Martha Finnemore, argues for the use of already existing international frameworks and areas of shared interests between major powers in order to gradually establish a rule-based international cyber order. Major powers could, for instance, begin to construct an international legal regime in the area of cyber crime, before gradually expanding their efforts towards more controversial issues.

Future trends
In their conclusion, Singer and Friedman discuss five major trends which will influence the cyber domain in general and cyber security in particular during the years to come. Cloud computing allows users, be they individuals or organizations, to draw upon computing power and resources located outside their respective organizations. Big data designates the increasing ability to gather and analyze large and complex data-sets. As a result of the mobile revolution, the internet is increasingly used from mobile devices rather than home computers. The demography of internet users is shifting and increasingly includes non-Western users. Finally, the internet of things brings with it the dissolution of boundaries between the physical and the cyber domains.

Random pop-cultural reference
The internet of things...
