Strife series

Call for Papers: Caribbean Maritime Security Series

February 1, 2021 by Strife Staff

Strife is pleased to announce the call for contributions to its ‘Caribbean Maritime Security’ Series.

This series is looking to publish on a range of topics and perspectives related to Caribbean maritime security. There is no restriction as to period, nor is there a requirement to include a broader regional perspective. Articles can focus on a single theme related to Caribbean Maritime Security like a specific country within the region. The themes could include but are not limited to:

Regional Navies and Coast Guards
Emerging Maritime Threats in the Caribbean
‘Great Power Competition’ in Caribbean Maritime Security
Port and Panama Canal Infrastructure Security
Caribbean History and Maritime Security
Illegal Narcotics Trafficking as a Maritime Issue

Articles should be around 1000-1200 words in length and meet with all of the submission guidelines. Articles will be subject to a review by the Series Editor and the Blog Coordinating Editor prior to acceptance to the series articles that do not meet referencing and formatting guidelines risk being rejected for publication.

Articles should be submitted by 19 February 2021. If you are interested in submitting an article for publication, or have an idea or query you wish to discuss, please contact our editorial team at: blog.coordinating.editor@strifeblog.org.

Strife Series on Cyberwarfare and State Perspectives, Part III – The argument for a more critical analysis on the United States

July 23, 2018 by Shivali Bhatt

By Shivali Bhatt

Military Operation in Action, Soldiers Using Military Grade Laptop Targeting Enemy with Satellite (Credit Image: Gorodenkoff / Stock Image)

A critical line of argument regarding cyber warfare today is how it has supposedly brought about contextual changes that challenge the balance of power in the international system. The broad consensus is that large, powerful states, like the United States, are losing leverage against those – traditionally – deemed small and weak. According to an article published earlier this year by the World Economic Forum Global Platform, the rising domain of cyber warfare can be somewhat seen to be causing a levelling effect in the world today. Any state or non-state entity with access to the Internet and digital technology can develop powerful cyber weapons. At the same time, some news sources have claimed how the much-anticipated cyberwar is already underway, and how the United States is not ready or will most likely lose. The simplistic nature of such discourse fails to allow for a more critical understanding of what factors influence the nature and reality of cyber warfare. This article shall critique these narratives by analysing the factors that influence the strategic efficacy of cyberwarfare. Bearing the current state of cyberwarfare in the United States in mind, it shall contextualise these factors.

The United States is the most powerful state in the world, particularly regarding its military and intelligence capacity. President Trump elevated the original Cyber Command to a Unified Combatant Command earlier this year.

The importance of intelligence and collaboration

While it takes a lot of skill and effort to appropriately develop a powerful cyber weapon, the most complicated part of this process is application or deployment. It is this stage that determines the extent to which a cyber operation will yield strategic leverage for a state; one that relies on intelligence agencies and international alliances. In other words, cyber weapons are generally part of an extensive collection of capabilities.

Theoretically, the state with the most resourced and well-connected intelligence community will likely reel in greater strategic benefits from the domain of cyberwarfare, on the basis they are active political players in global affairs. The more in-depth and holistic the collecting and analysing of intelligence data, the smarter the cyber offensive strategy. In this context, the United States has notable leverage. The U.S. spends approximately $1 trillion on establishments and organisations that serve a national security purpose; in which its intelligence community spans across seventeen federal agencies. Moreover, these bureaus have strictly woven relationships with a large number of agencies operating in other states, with bases and ground-level operatives in over forty countries, including Israel and the United Kingdom. As NATO’s Operation Locked Shields demonstrates, cyberwarfare is a multi-dimensional domain that is determined by the nature of cooperation and collaboration between states. The Stuxnet virus, for instance, was planted with the assistance of the CIA’s regional partners in Israel; assets that were crucial to such a clandestine and sensitive operation. These practical steps to implementing cyberwarfare strategies explain why the U.S. is still and will always technically be a dominant player in the field.

The broader political context

Given that cyberwarfare is an aspect of broader political strategy, states that are regularly engaged in international affairs are more likely to determine the context for cyber-attacks. The United States is considered extremely influential, while North Korea – regardless of how large, fast-growing or highly skilled its ‘cyber army’ appears – a back-seat driver. Narratives that present North Korea as a case study to exemplify the ‘levelling effect’ in the world today, often present highly fragmented arguments outside of context.

It is useful to consider how economics and politics are woven together into the strategic context of cyber warfare, given that a prime part of developing cyber warfare strategy involves gathering in-depth knowledge on a person or situation. Similar to how former President Obama’s administration exploited the weaknesses of Russia’s economy by imposing heavy sanctions against Moscow in 2014, Washington can gain a notable edge by targeting Putin’s private affairs offshore; the consequences of which would be determined by the extent to which Putin’s private affairs affect Russia’s domestic political context. According to a National Bureau of Economic Research paper, the total accumulation of Russian offshore holdings amounts to approximately between $800 billion and $1.3 trillion; most of which belongs to President Putin and associates. This wealth power has been a contributing factor to his political power and ability to maintain authority in Russia, enabling him to govern and preside over state institutions and the secret police. Targeting his foreign assets would be a strategic application of U.S. cyber power.

Underlying factors

In this discussion, it is useful to recognise the longer-term damage traditional military weapons can have on both intellectual and physical infrastructures, and how those induced by cyberspace have not yet demonstrated such ability. At the same time, the Stuxnet weapon and newer versions inspired from its technological layering, such as the relatively recent Triton bug, can act as catalysts to broader military strategy. However, the accurate deployment of such a weapon not only requires a significant amount of skill and resource, both of which are usually available to higher-earning economies but also can go wrong. In the case of Stuxnet, several sources confirmed that the Americans and Israelis ‘lost control’ of their act.

It goes without a doubt saying that the United States is a powerful influencer in the world today, and especially so in a context of increasing globalisation and digital technology. There are a lot of concepts, processes and cultural embedding that would also need to be in the firing line for this argument to hold any traction in the longer term.

Conclusion

Today, it is really popular to consider cyberwarfare as this rising domain that challenges all other pre-existing tenets of global politics, with the narrative being how weaker states such as North Korea are on the rise and those powerful ones such as the United States should watch their back. However, the authors of such arguments seem also to disregard any more in-depth aspects of warfare analysis, such as the power of alliance, broader context, and particularly the underlying factors found within societal construct and culture that have existed before the advent of the digital age. While cyber warfare has proven to be a powerful mechanism, its scope of threatening powerful actors like the United States needs to be assessed through a more critical lens. Further, doing so will help better conceptualise its strategic worth in comparison to more conventional methods of warfare strategy.

Shivali is currently pursuing her MA Intelligence and International Security at Department of War Studies, King’s College London. She is also a Series Editor at Strife, as well as a Creative Writer at cybersecurity startup PixelPin, where she contributes articles on ‘Thought Leadership’, encouraging readers to approach security issues through innovative means. Prior to that, she spent some time in Hong Kong under the InvestHK and EntrepreneurHK organisations, engaging with the cybersecurity and tech scene on the East Coast. Her core research interests include modern warfare and contemporary challenges, cybersecurity, and strategic policy analysis. You can follow her on @shivalixb

Image Source: https://www.istockphoto.com/gb/photo/military-operation-in-action-soldiers-using-military-grade-laptop-targeting-enemy-gm879913090-245205517

Strife Series on Cyberwarfare and State Perspectives, Part II – Deception in Cyberspace: Nation States and False Flag operations

July 19, 2018 by Amy Ertan

Examining the use and effects of false flags in nation state cyberattacks, and how geopolitical analysis may be add value to attribution efforts.

By Amy Ertan

‘The Problem of Attribution’

The problems with cyber attribution form a labyrinth that continue to trouble all those involved in cyber defence and wider security. The challenges determining what has taken place, to whom and by whom is an process that lacks repeatability and often any clear solution. Nonetheless, the value of attribution makes it an indispensable exercise on which to concentrate resources. Without the ability to tie a cyber-attack to an individual, group or nation state, there can be no political or legal enforcement of regulation or counter-action. This represents a huge limitation on international relations where cyber activity continues to grow, influencing diplomacy and conflict. What some may consider a technical investigation has, therefore, shown itself to be a major geopolitical problem. As Thomas Rid summarises, ‘attribution is what states make of it’.

Introducing False Flags

Attacks involving nation state actors involve unique challenges that further complicate attribution attempts. Amongst other factors, the use of ‘false flags’, where an attacker pretends to be someone other than themselves, is a tactic to ‘frame’ other threat actors. A false flag operation could be as simple as malicious ‘marketing’, inserting imagery appearing to show another threat actor claiming responsibility. It could also be as simple as inserting other languages into payload headers or malware. From 2012, Iranian hackers used Arabic rather than Farsi when attacking US banks, while suspected North Korean state-sponsored Lazarus group is often known for attempting language imitation. As well as enabling attackers to avoid detection, false flags may be used as a form of manipulation, directing the victim’s attention to potentially target third-party actors. Should investigators of an event fail to realise that the false flags are not genuine hints, they may incorrectly attribute an attack, which may extend to misdirected retribution.

Nation State Case Study: Russia

False flag operations are not a new aspect of Russian military strategy. The justification for deception can be explored through Russian military doctrines such as ‘provokatsiya’, (‘provocation’), whereby agents act surreptitiously to cause secret political effects, helping Moscow whilst damaging Moscow’s enemies. Further doctrine ‘maskirovka’ specifically concerns deceiving victims while also hiding the true intent of operations, complementing the ‘konspiritsiya’ (‘conspiracy’) doctrine and Russian espionage tradecraft. Themes displayed most obviously through and beyond the Cold War period, it is perhaps unsurprising that intelligence tactics have led to cyber false flags acting as ‘the Kremlin’s hidden cyber hand’. These tactics assist in furthering Russian geopolitical goals, typically through attacks against Western governments. Interference in elections are a clear example, with French and US elections compromised to suspected Russian actors. Similarly the NotPetya attacks, which the US, UK, Canada, Australia and New Zealand publically attributed to Russia, may be understood as part of a wider Russian state disregard for Ukranian sovereignty.

In 2015, ‘Cyber Caliphate’ jihadist propaganda flooded TV-Monde’s social media during a destructive cyberattack, an act ultimately traced back to Russian-based ‘Fancy Bear’, a group with links to Russian military intelligence. The flag was relatively simple: creating a fake online persona, a tactic mirrored by separate Russian threat actors with the ‘Guccifer 2.0’ persona in the 2016 DNC hack. These examples highlight a few Russian threat actors using false flags, alongside DC Leaks and Shadowbrokers.

In the 2018 Winter Olympics, Olympics IT systems were temporary disabled, with WiFi, monitors and the Olympics website unavailable. Analysts concluded Russian actors used North Korean IP addresses and attempted to forge malware used by Lazarus Group, a flag uncovered due to an error forced header. Analysts looked beyond the technical information to argue that the attack was designed to gain attention, where perpetrators ‘wanted to be discovered… as Lazarus Group’, concluding this attack was likely ‘setting the stage’ for further campaigns. Russia’s actions were assumed to link with their enforced non-participation in the event, alongside wider geopolitical tensions.

A Strategic Approach

Attribution capabilities are currently highly asymmetric, with only a handful of states thought to be capable of successfully attributing cyberattacks with high confidence. Given typical characteristics of false flag indicators, technical analysis is necessary but not sufficient when attempting attribution, for three reasons. Firstly, it is unreliable to be dependent on attackers making errors when determining whether evidence is a false flag. Errors such as poor language translation are unlikely to be repeated frequently in the long-term, given the capabilities of nation states dedicated to achieving cyber goals. Secondly, nation states and state-sponsored groups represent the most able threat actors. As offensive actors, states will often have multiple cyber units, alongside distributed command-and-control servers and resources to continually update sophisticated evasion techniques. It is expected this makes them considerably harder to detect and attribute against, compared with less skilled, purely criminal counterparts. Finally technical indicators of compromise for a cyber incident are often identical whether the event was a malicious cyberattack or not. Technical analysis, even if conducted by the most sophisticated and capable of actors, may not reveal information that proves itself to be actionable intelligence.

To understand false flag operations driven by nation-state actors, one must understand the context in which the attack took place. Professor Thomas Wingfield argues that ‘strategic attribution – fusing all sources of intelligence on a potential threat – allows a much higher level of confidence and more options … strategic attribution begins and ends with geopolitical analysis.’ Geopolitical threat profiling and strategic intelligence functions therefore become entwined with the technical attribution operation.

Concluding Thoughts

As Symantec security analyst Vikram Thakur neatly summarises, ‘We think the future is going to get even more complicated with actors relying more and more on false flags… throwing another group [under] the bus from an attribution standpoint.’ False flags are a tool for nation states. Not only can they deceive, misdirecting attention from an attack, but they can change agendas, create imaginary threats, or be used to communicate between states who can detect subtle flags (versus those who cannot). It is a task that matters – NATO CCDCOE stressed that without sufficient attribution, there cannot be official consequences. Getting to grips with the challenges and counter-approaches to an attack is a task that will weigh heavily in the context of rising geopolitical tensions observable today across the globe.

Amy Ertan is a PhD researcher within the Centre for Cyber Security at Royal Holloway, University of London. Amy previously studied Philosophy, Politics and Economics at the University of Oxford, where she first developed an interest in international security. Amy was part of the winning team in Atlantic Council’s international relations / cyber security 9/12 competition, and was also awarded Cyber Security Student of the Year at the 2018 SC Media Awards. Her main research interests continue to focus on international relations and cyber-warfare, as well as emerging cyber security threats relating to artificial intelligence.

Image Source: https://www.123rf.com/photo_67396671_russia-spying-on-america-russian-hackers-threaten-us-computer-networks.html

Strife Series on Cyberwarfare and State Perspectives, Part I – Offensive Cyber Capabilities and Medium Powers: Two Case Studies

July 17, 2018 by Andreas Haggman

By Andreas Haggman

Introduction

In recent years, traditional military capabilities have been supplemented by the development of offensive cyber capabilities. Examples of cyber capabilities have proved that effects can be achieved in both the kinetic (e.g. Stuxnet, Black Energy) and information spheres (e.g. Crimea, TV5 Monde). However, discussions in this area are often predictable in the actors that are considered. When commentators, both in the media and academia, talk about offensive cyber capabilities it is usually in reference to a list of usual suspects: the US, Russia, China, North Korea, and Iran are the primary state antagonists, with the UK, Israel, and sometimes France being cast in supporting roles. Anonymous and amorphous organised crime groups are often referenced as non-state actors, though the role of Anonymous seems to have subsided in the past couple of years.

This article seeks to highlight how offensive cyber capabilities augment the traditional capabilities of two lesser-mentioned state actors: Australia and Sweden. Although geographically distinct, both these countries can be classified as ‘medium powers’ who, in the words of Richard Hill, are ‘likely to have few resources to spare for the exercise of power beyond what is necessary to safeguard and, where possible, further its vital interest of territorial integrity, political independence and betterment.’ Importantly, in the context of cyber capabilities, both countries have declared either operational deployment of such capabilities or intent to develop them. This article discusses how cyber capabilities form part of both countries’ official policies and how these might be deployed for operational effect in their geopolitical contexts.

Australia

Australia published its first Cyber Security Strategy in 2016, which formally acknowledged the existence of Australian offensive cyber capabilities. In November 2016, Australian Prime Minister Malcolm Turnbull announced that the country had been conducting offensive cyber operations against ISIS targets. Australia therefore has a pedigree in the offensive cyber capability space and it also has a formulated policy on how these capabilities should be used: despite misplaced notions of deterrence expressed in the Cyber Security Strategy, later policy documents have stated that offensive cyber capabilities would be used to target cyber criminals.

Australia’s geopolitical situation means this approach of deprioritising state-based threats to instead focus on non-state actors (even if some these may have state-backing) is likely the best use of its offensive cyber capabilities. Geographically, politically, and economically, Australia’s most pressing concern is China: it’s attempted dominance of south east Asian sea routes, it’s influence in Australian politics, and its large investments in Australian industry, particularly the mining sector. However, deployment of offensive cyber capabilities against Chinese targets would not address any of these issues and they must instead be tackled with diplomatic, legal, and economic means.

A better use of offensive cyber capabilities is therefore to target non-state actors and criminal groups. For these targets, capabilities which cause disruption or enable better information gathering by law enforcement are more appropriate than capabilities which cause physical destruction. As an example, an extension of the Australian patrol boat scheme can be envisaged where Australia provides support to anti-piracy and anti-people smuggling operations in the south Pacific and Indian oceans. Capabilities that stain dark web traffic, allowing it to be tracked, can help identify the criminal actors which perpetrate these activities. Such capabilities may not be at the behest of the island nations which inhabit the south Pacific and Australia is well-placed to meaningfully contribute with its own capabilities.

Sweden

Sweden published a national cyber security strategy in 2016 which contains provisions for ‘a robust capability to conduct active operations in the cyber environment.’ However, as early as 2013 a report on long-term strategic planning had advocated for Sweden to develop offensive cyber capabilities. This view was backed by several people in the Government, who assessed that Sweden had to keep pace with technological developments – if everyone else were acquiring offensive cyber capabilities, so should Sweden.

Similar to Australia, Sweden has an obvious adversary in its immediate geographical locale: Russia. In this case, contemporary concerns about Russian behaviour (military manoeuvres, disinformation campaigns) are backed by a history of conflict between the countries – Russia is very much the old enemy. But since the 20^th century Sweden has also positioned itself as a paragon of neutrality and all operational military activity has been strictly limited to UN peacekeeping missions. The utility of offensive cyber capabilities is less obvious in these missions because the critical component is a physical presence on the ground which serves a securing and deterring effect. This presence cannot be achieved with cyber capabilities.

Instead, Sweden may find a peacetime outlet for its offensive cyber capabilities if used as signalling devices. Russia regularly runs military flights provocatively close to, sometimes within, Swedish airspace. It could be envisaged that targeting one of these flights in a non-lethal capacity (for example by displaying a message on the pilot’s heads-up display) would send a message about the maturity of Swedish offensive cyber capabilities and their intent to use them. A key caveat here, however, is that the benefits of the operation must be carefully weighed against the cost, particularly if zero-day vulnerabilities need to be burned to achieve the desired effect.

Conclusion

Offensive cyber capabilities are not just the remit of great powers and rogue actors. Some states, such as Australia and Sweden discussed above, are technologically sophisticated yet perhaps do not have the remit to deploy cyber capabilities in the sort of arenas that make headlines. However, as suggested in the postulated deployment scenarios, these capabilities should not be discounted as means for achieving tactical and strategic effects in a limited context. The geopolitical situation of each country shapes these deployments and it is important to establish the desired effects before cyber capabilities are considered – they are not necessarily the most appropriate solution for every problem. Therefore, with careful deliberation, offensive cyber capabilities can be made to fit the imperatives of medium powers.

Andreas Haggman is a PhD researcher in the Centre for Doctoral Training in Cyber Security at Royal Holloway University of London. His thesis is a practical exploration of wargaming for cyber security education and awareness training. Andreas’ additional research interests span a wide spectrum of non-technical cyber security topics. He can be followed on Twitter @Andreas_Haggman.

Image Source: https://www.123rf.com/photo_49099172_puzzle-with-the-national-flag-of-sweden-and-australia-concept.html

Strife Series on Cyberwarfare and State Perspectives: Strategic effectiveness in Cyberspace – Introduction

July 10, 2018 by Shivali Bhatt

By Shivali Bhatt

Over the past couple of decades, the world has witnessed an unstoppable and almost inevitable rise in cyber-attacks and acts of digital warfare. Just over ten years ago, the Israeli government successfully disarmed the Syrian air defence system near a nuclear facility, allowing it to destroy the base without having to deal with the Syrians putting up a fight. This event marked a critical turning point for state warfare, as it exemplified the way in which cyberspace and digital technology can become an accessory to broader military strategy. A few years later, a joint built American/Israeli cyberweapon, also known as Stuxnet, unleashed havoc in Iran and a few other countries. This highly sophisticated attack not only managed to infiltrate a significant portion of cyberspace and thousands of computers but is believed to be an explanatory factor behind the rate at which states have been investing in, and advancing, their cyber capabilities.

Today, over two hundred thousand samples of malware get launched daily, and states are participating in a ‘cyber arms race’ or ‘technology arms race’. States, especially like the United States and China, are competing to acquire military edge by investing and developing skills in innovative technology, like artificial intelligence [1]. One of the main reasons behind the significant interest in technological superiority is because the rules to the global politics and warfare are changing. The instrument of cyberwarfare has and continues to become one of the most highly regarded domains for political strategy, yet each state has a different perspective and reality in this evolving context.

Therefore, the purpose of this series is to shed light on the perspectives of states, all of which possess varying cultural, geopolitical and economic contexts. A significant narrative today is how cyberwarfare and generally cyberspace are changing the balance of power in the international system. However, these arguments present themselves in the absence of critical analysis, which helps contextualise the reality and trajectory of modern cyberwarfare. The states examined in this series engage with cyberspace in different ways; at times, can be conceptualised by a set of underlying factors. They offer the reader a compelling contrast, and hopefully shall help them understand the scope for further discussion and research on the extent to which cyberwarfare is strategically effective.

In the first article, PhD researcher Andreas Haggman analyses the cyber capabilities of two ‘medium’ powers, Australia and Sweden. He identifies how they enhance their existing traditional military strategies, placing greater emphasis on the relevance of geopolitical context.

In the second article, PhD researcher Amy Ertan examines the strategic value of ‘false flags’ in a context of state-led cyberwarfare, using Russia as a critical case study. She analyses how geopolitics can act as a catalyst for those states faced with the problem of attribution.

In the final piece, Shivali Bhatt approaches the domain of cyberwarfare through the lens worn by American policymakers and critiques current narratives circulating in popular media and also specific academic communities today. Her lines of argument emphasise the underlying factors that in the case of the United States, increase strategic leverage.

We hope this series offers readers a greater insight into state perspectives on cyberwarfare and critical understanding of the domain’s strategic effectiveness.

Thanks for reading!

Strife series

Footer

Contact

Recent Posts

Tags