DEFENDING VITAL INFRASTRUCTURES—A NEW DIMENSION OF THE MODERN BATTLEFIELD

By Mr. Oded Raz

Security is one of the most basic needs of people, organisations and states—a considerable portion of man’s activity in all environments (land, sea, air, outer space, and the electromagnetic spectrum) is concerned with security issues. Both history and philosophy teach us that no scientific development can change human nature, and clashes between people and societies will continue to haunt us. Thus man-made cyberspace will also be exploited by people for their own ends, and it may safely be assumed that this medium as well will be an arena of struggle and conflict.

Due to the nature of cyberspace, accepted basic concepts such as violence, identity, location, defence, attack and speed fail to depict correctly the events taking place in it, so that the unique properties of cyberspace necessitate a different professional approach.

The new conception of how cyberspace is to be treated also has an impact on the power balance between the various players: In this kind of war developed countries are more vulnerable than those less reliant on computers, for example the case of a gifted computer expert in the Tora Bora Caves in Afghanistan being capable of disrupting electricity and transportation systems in Mumbai.

The United States of America started to pay attention to cyberspace in the context of national security as long ago as Aug 1996; since when this recognition has been growing, recently to the extent of featuring in President Obama’s statements:

“It’s now clear that this cyber threat is one of the most serious economic and national security challenges we face as a nation.

It’s also clear that we’re not as prepared as we should be, as a government or as a country.”

Investment in cyber security in the USA is not restricted only to the declaratory plane, but entails allocating significant financial and organisational resources for this purpose.

American government, military, academic and industrial bodies lead cyber security activity and have been publishing a great many researches and position papers in this field. An historical account of the development of the American approach to this subject is outside the scope of the present article; its mention here is intended as an illustration of the widespread interest it attracts in many circles in the USA in particular and developed countries in general.

Despite the youthful age of cyberspace, its potential influence has not escaped the attention of those responsible for national security—although in most countries the very occupation with this field and its contents is kept out of the public view, under the cover of secrecy.

The innovative nature of cyberspace and its failure to fit in with the basic concepts of the physical world have created a situation in which to this day no definition of the concept of cyber war has yet been formulated. However discussions are taking place around the world on war during the Information Age, computer warfare, and information wars.

Hostile activity in cyberspace may be graded by the type of damage it causes:

  1. Attacks launched against various civilian targets resulting in physical damage.
  2. Disruption of and damage to vital national information infrastructures, resulting in damage to property and to military targets within the sovereign territory of the state.
  3. Disruption of and damage to military targets outside the sovereign territory of the state.
  4. Implantation of dormant malware such as Trojan horses or a logic bomb liable to be a precursor to an attack.
  5. Criminal action, industrial espionage.
  6. Employment of double edged weapons: information gathering, search for so-called security gaps, check for incursions etc.
  7. Communication system management, propaganda, abuse, destruction of representative official Websites.

The difficulty in discussing cyber war derives from the problematic definition of the concepts of attack and defence in this medium. In order to establish that a cyber attack is part of such a war, the presence of a number of features should be checked:

  1. Organisational and geographical origin—is there a nation state behind this action?
  2. Outcome—could the attack have caused damage, and did damage and casualties in fact result?
  3. Motive—can any ideological motive be ascribed to the attack? (political ideology, macro-economics, religion etc.)
  4. Complexity—would the attack have demanded involved planning and coordinated resources mainly available to sovereign states?

In view of today’s cyberspace attributes, it is most difficult to provide clear answers to these questions, much less answers sufficient for formulating policy.

The deterrence model that proved so effective against the nuclear threat during the Cold War period is inapplicable in the cyber battlefield—mainly because of the structure of cyberspace, making it extremely difficult to identify an attack with certainty and locate speedily the origin and identity of the attacker. In the absence of ability to create a deterrent against cyber attack based on exacting a heavy price from the attacker, deterrence in cyberspace has to depend on the preclusion of any achievements by the attacker.

In order to formulate public policy, the threat has to be assessed, i.e. the scenario giving rise to the need for a policy; however, it is not possible to make a precise and objective assessment of such a threat. Assessment of the threat at the national level necessitates taking into account social and cultural values of the country and society, as a guide to the relative significance of potential scenarios and threats to the society in question. Such an assessment is invariably subjective, but it remains the fairest way to conduct a policy making process. In a democratic country the representative institutions and media serve as a channel for the public to express itself and influence national security.

It is to be born in mind that in the field of national cyber security technical experts have no monopoly in estimating scenarios and forming policy. Just as economists are not to be allowed to draw up the state budget on their own, cyber security should not be put entirely in the hands of computer people.

When analysing the importance of cyberspace as part of the theoretical approach to war, it will be regarded quite similarly to any new weapon system. To assess the relative significance of the cyber threat in the war context, the usual variables should be examined—such as effective range, destructive power, the cost of and political restrictions on its deployment, and so forth.

Cyberspace possesses a grave potential for undermining national security by bypassing the traditional national defence instruments and directly striking at vital targets in the rear. The very existence of cyberspace enables direct information transfer irrespective of political and geographical boundaries or defence systems. In this manner, the growing cyberspace medium is bringing about strategic rethinking in the handling of national security.

The cyber threat is asymmetrical: Heavy investment is not required for developing and operating the means of warfare; but to defend against these threats it is essential to deal with all the means of aggression, while keeping a continuous watch on changes and innovations.

The world of terrorism underwent a radical change following 11th September: 19 terrorists armed with Stanley knives inflicted a massive blow on the image and economy of the USA in particular and the free world in general. Billions of dollars have been expended on security technologies; being prepared in advance is the way to guarantee the ability on the one hand of minimising future damage, and on the other hand of maintaining the required level of public security.

written by:

Mr. Oded Raz – Oded Raz, is a former senior ranking security official of the Israeli Security Agency (ISA). His most recent position with the ISA was as deputy head of the protection and security division. Mr. Raz advises clients on strategic tactics for security preparedness and assists companies in both identifying alternative uses for technologies to enhance homeland security defense and integrating them into the security marketplace.oded@lotansecurity.com

This entry was posted in Critical Infrastructure and tagged , , , , , , , , , , , . Bookmark the permalink.

4 Responses to DEFENDING VITAL INFRASTRUCTURES—A NEW DIMENSION OF THE MODERN BATTLEFIELD

  1. Nguyet says:

    Great post, nice webpage design, maintain the good work

  2. Abram says:

    heya, superb wordpress blog, and an amazing understand! definitely one for my bookmarking.

  3. Bench says:

    The early riser gets through his business but not through early rising.

  4. Vikas Chauhan says:

    Hi Oded, your blog was a good read.

Leave a Reply

Your email address will not be published. Required fields are marked *