
Warfare and Deterrence in the Cyber Realm: The Cases of the United States and Russia - NCCU Academic Hub (政大學術集成)


Academic year: 2021


(1) International Master's Program in International Studies, National Chengchi University (國立政治大學國際研究英語碩士學位學程)

Warfare and Deterrence in the Cyber Realm: The Cases of the United States and Russia (網路戰爭與嚇阻: 以美國與俄羅斯為例)

Nicholas Sidman
Advisor: Yung-Fang Lin
June, 2018

DOI:10.6814/THE.NCCU.IMPIS.010.2018.A06.

(2) Abstract

This thesis examines the cyber operations of the United States and Russia. By examining these two states, and the individual cases related to their cyber development, I illustrate how notions of deterrence are developing in the cyber realm. A major problem currently facing states with regard to deterrence in cyberspace is attribution: knowing who engages in which cyber operations. However, by analyzing United States and Russian cyber operations through the lens of Joseph Nye's approach to cyber operations and deterrence, I illustrate that in the future the well-known offensive advantage may lessen. Specifically, actors other than well-organized and sufficiently funded nation-states may find cyber operations too costly and too risky to be of value. This is a result not just of improved attribution technology, but also of improvements in nation-states' cyber defensive postures and generally improved cyber hygiene. Further, attempts at bilateral and multilateral agreements with regard to cyber may further reduce operations, or at least reduce operations outside the purview of the intelligence services of various official actors. Ultimately, it is found that, in similar fashion to air power in the early 20th century and nuclear weapons in the middle of the 20th century, states will likely develop both tangible and intangible approaches to dealing with the threat of cyber operations. However, where status-quo powers like the United States embrace the adoption of legally binding multilateral treaties and agreements regarding cyber, other states such as Russia would rather not potentially lose an important part of what makes Hybrid Warfare operations viable. The debates on and development of cyber may involve two clear camps in the future: those supporting the status quo and so-called revisionist powers.

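(3) Abstract (translated from the Chinese)

This study examines the cyber operations of the United States and Russia. By examining these two different states and the individual cases related to their cyber development, the researcher illustrates how the concept of deterrence is developing in the cyber realm. The main problem states currently face with deterrence in cyberspace is attribution; knowing who takes part in cyber operations is the attribution problem. However, by analyzing United States and Russian cyber operations through Joseph Nye's approach to cyber operations and deterrence, I illustrate that the well-known offensive advantage may lessen in the future. Specifically, actors other than well-organized and well-funded states may find cyber operations too costly and too risky. This is not only because attribution technology has improved, but also because states have improved their cyber defenses and generally improved cyber hygiene. In addition, attempts at bilateral and multilateral agreements on cyber may further reduce cyber operations, or at least reduce operations outside the purview of the various official intelligence services. Ultimately, it is found that, as with air power in the early 20th century and nuclear weapons in the mid-20th century, states may develop tangible and intangible approaches to deal with the threat of cyber operations. However, while today's major powers such as the United States accept legally binding multilateral treaties and agreements on cyber, other states such as Russia are unwilling to lose an important part of what makes hybrid warfare operations viable. In the future, the debates on and development of cyber may involve two clear camps: those supporting the status quo and the so-called revisionists.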

(4) Table of Contents

Chapter 1 Introduction
  1.1 Research Motivation
  1.2 Purpose of Research and Research Questions and Main Argument
  1.3 Literature Review
Chapter 2 Theoretical Framework
  2.1 Deterrence Theory
  2.2 Deterrence Theory and Cyber Context
  2.3 Research Methods
  2.4 Sources
  2.5 Technical Discussion and Problems
Chapter 3 The United States
  3.1 Threats of Punishment
  3.2 Denial by Defense
  3.3 Entanglement
  3.4 Normative Taboos
  3.5 Conclusion
Chapter 4 Russia
  4.1 Threats of Punishment
  4.2 Denial by Defense
  4.3 Entanglement
  4.4 Normative Taboos
  4.5 Conclusion
Chapter 5 Conclusion
  5.1 Recommendations for Future Research
  5.2 Suggested Topics for Future Research
  5.3 Final Thoughts and Discussion
Bibliography

(5) Chapter 1 Introduction

1.1 Research Motivation

The 20th century saw the beginning of airpower as an important and decisive aspect of all military campaigns. Military usage of aircraft began in the First World War, with reconnaissance in particular playing a key role. By the Second World War, other technologies had arrived that further enhanced the military capabilities of aircraft. In particular, long-range strategic bombing was seen as a paradigm shift in multiple theaters. Air superiority became the key factor in winning campaigns; and even at sea, aircraft carriers supplanted the once fearsome battleships in terms of importance. However, with the rising capabilities of offensive airpower, there was also a corresponding development of defensive countermeasures. Loss rates on bombing sorties in the Second World War became extremely high as a result of improved anti-aircraft weaponry and improvements in air-to-air fighters tasked with aerial interdiction and defense missions. Further, advances in rocketry over the years have led to increasing balancing between offensive and defensive capabilities; for example, Russia's natively produced S-400 Triumf anti-aircraft weapons system is infamous and feared for its quality and its predecessor, the S-300, is still used around the world. In addition, advances in radar and early-warning systems have further deteriorated the offensive advantage of aircraft that was once theorized to be insurmountable. Now, a proper military doctrine requires a combined arms approach that protects valuable aerial assets through targeting these defensive measures.

Information and how it is gathered and used in military campaigns has also changed over

(6) the course of the 20th century. This has accelerated greatly with advancements in networking and information technology, and to this day paradigms and doctrines are being written to account for the breakneck speed of development. Many may look at the first Gulf War as representing the peak of American power and hegemony; however, in addition to this it was one of the first truly modern conflicts of the computer age. Advanced technology was used to target Iraqi anti-aircraft assets and jamming tools were used to ensure a clear advantage for the Coalition Forces through complete air superiority. Diverse actors have looked to this conflict, and later actions by the North Atlantic Treaty Organization (NATO) in Kosovo, and devised new strategies and countermeasures to account for the overwhelming force that the United States and its allies can bring to bear on any adversary. The result has been something of a cyber arms race, with nation states valuing offensive capabilities and sophisticated hacking tools as an option for checking American hard power.

One of the key actors in this space has been the Russian Federation. Beginning in 2007 with the cyberattacks on Estonia, followed by the 2008 Russo-Georgian War, and culminating in the conflict in Ukraine, Russia's use of Cyberwarfare has developed and sharpened into a trademark of its Hybrid Warfare approach. This has come about as a result of the United States' own cyber development and prowess, and was devised to counter a materially more powerful adversary. Now, the United States and its policy makers must devise a counter to these counters. This may come through a variety of deterrence avenues, likely focusing on improving attribution and network security, increasingly embracing non-cyber responses to cyber affronts, and developing international norms that take into account Cyberwarfare and its pace of development.

(7) This paper will seek to better understand the formation of cyber policy and how it may develop in the future, in particular how deterrence theory will engage bleeding-edge cyber operations.

1.2 Purpose of Research and Research Questions and Main Argument

The purpose of this research will be to better understand how cyber developed and how it is currently developing, and in particular, how nation states will develop doctrines and strategies to deter offensive hacking. In particular, I will study Russian and United States cyber policy, and how they have affected each other. How will United States cyber policy and technology acquisitions change to meet Russian, and other nation-state and non-nation-state, challenges?

In this paper, Cyberwarfare will be the key topic of discussion. Russian Information Warfare will be considered part and parcel of Cyberwarfare. Cyberwarfare in this paper will be, in a general sense, defined as “actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption.”1 These may include overt kinetic operations, such as attacks on infrastructure or weapons facilities like that of Stuxnet, or propaganda operations, like those of Russian origin in Ukraine and Georgia, or espionage operations, commonly carried out by Chinese operatives. Using this definition, the primary question will be how states, in particular the United States, may develop strategy and policy to deter future unfriendly operations.

Currently offensive hacking tools are numerous and powerful. This leaves those tasked

1. Clarke, Richard A. and Robert K. Knake. Cyber War: The Next Threat to National Security and What To Do About It. New York, NY: Ecco, 2010: 6.

(8) with security in an uphill battle. Network security technology is still catching up with the capabilities of aggressive hackers. This is currently being done through a variety of means that essentially boil down to developing a more dynamic and active system of network security. Further, there is still not a clear doctrine on how to respond to incursions. However, like security technology and methods, this too is developing. In combination, the hope is that future incursions will be deterred by making offensive operations too costly to consider for most actors, and/or by providing a credible and real threat of retaliation; these responses could be either direct, through counter-hacks, or through other means, such as economic sanctions.

This current problem of adequate deterrence is partly a result of the difficulty of attribution in cyberspace. It is difficult for investigators to determine who is hacking whom and what their affiliations are; and without a clear target there is no way to counter-hack or respond in any productive fashion. However, progress is being made on the attribution front as more and more high-profile foreign operations are being uncovered and tracked by the US government and private security firms.

Developing international legal norms may also be used by states to protect themselves in cyberspace. Currently, the international community is still developing the regulations and norms for cyberwarfare that conventional warfare has enjoyed for centuries. The United States may also be able to take the lead here, and craft the regulations to its liking to improve deterrent capabilities. Cyberspace is still in a Wild West stage; however, even compared to just several years ago, network security technology and knowledge have improved and possible defensive policy measures have been used in the face of cyberattacks. For example, the United States placing further economic sanctions on the Russian Federation following the hacking

(9) operations during the 2016 United States election is an example of using one kind of policy, separate from cyberspace, to punish transgressions in that realm.

Presently, the Russian Federation and its cyber tactics have developed a fearsome reputation out of its ability to counter the foundational strategies of larger geopolitical opponents like the United States and, especially, NATO. However, over time, the United States will continue to advance technologically and strategically in the avenue of cyber and will devise counters to these Russian tactics. These include improving attribution capabilities and devising new international legal norms; these will shift the paradigm of cyber from one that is pre-emptive and offensive-focused to one that pays more attention to network security and countermeasures. While offensive airpower was once dominant and paradigm shifting, counters were developed and balancing occurred; the same will happen in the realm of cyber, and the United States, thanks inadvertently to the development of Russia's own brand of hybrid warfare, will be the entity to lead this shift so as to maintain a position of cyber superiority in the future. Cyber will not develop in an offensive kinetic fashion due to the inherent difficulty and extreme costs associated with this approach. Instead, cyberdeterrence will become integrated with other government policies, such as economic sanctions, and propaganda and espionage operations will be the primary preoccupation of network security specialists. Defensive postures will become more and more stable and serve as an increasingly powerful deterrent as attribution technology improves.

1.3 Literature Review

(10) Moore's Law states that computing power will increase exponentially as the number of transistors that can fit onto a silicon chip doubles every year or two. Since this observation was made in 1965 the pace has not broken, and more and more of the armed forces and intelligence services of nation states around the world seek to take advantage of technology improvements to gain an advantage over their rivals. Russia and the United States are of particular interest due to their different approaches in using cyber to pursue a grand strategy.

Following the Cyberattacks on Estonia in 2007, the use of Cyberattacks in the Russo-Georgian War, and the use of Cyberattacks in Ukraine and Crimea, many experts have weighed in on how significant cyber is for Russian campaigns and how it is now an important part of Russia's Grand Strategy in its near abroad. Many authors note that while much buzz is made in the western media regarding Russia and its use of cyber, in reality the Russian perspective does not differentiate between “Cyberwarfare” and “Information Warfare”2. Instead, similar to the Soviet era, cyber is included within the domain of “Information Warfare” and used in a similar fashion. While targeted attacks on infrastructure may be made, generally Russian forces seek to capture useful information on opponents and create a “Fog of War” through cyber deception. However, authors have also noted that as Russian expertise has increased, targeted destructive attacks could be undertaken3.

2. Giles, Keir. “’Information Troops’ – a Russian Cyber Command?” Presented at the 3rd International Conference on Cyber Conflict, Tallinn, Estonia, 2011. http://conflictstudies.org.uk/files/Russian_Cyber_Command.pdf
3. Weedon, Jen. “Beyond ‘Cyber War’: Russia’s Use of Strategic Cyber Espionage and Information Operations in Ukraine.” In Cyber War in Perspective: Russian Aggression against Ukraine, ed. Kenneth Geers, 67-78. Tallinn: NATO CCD COE Publication, 2015.

(11) This “Information Warfare” can be seen both locally in Ukraine/Crimea and abroad, with election hacks and funding for both far-right and far-left parties throughout Europe, along with a government-funded detachment of internet “trolls.” Further, at home, Russian texts frequently regard cyber as an existential threat where Russia is actually supremely vulnerable to outside forces. If Russian policy-makers do indeed view Russia as vulnerable in the realm of cyber, state actions often do not align with these expectations. It has been suggested that Russia's current aggressive policies, both on the ground and in cyberspace, reflect one of Stephen Van Evera's explanations for why states go to war, defensive expansionism4.

This explanation for Russian geopolitical actions is further strengthened when viewing Europe as a contest between Russia and NATO/the United States. Russia has tailored its Cyber strategy to bypass the deterring tripwires of NATO. For example, by creating a Fog of War in Crimea and Eastern Ukraine, maintaining plausible or implausible deniability, and by controlling flows of information into and out of these areas, Russia was able to delay any western responses and establish boots and facts on the ground. With an established presence in Eastern Ukraine and Crimea, the cost of western escalation has risen greatly5. Therefore, it can be argued that Russia's cyber strategy, and Grand Strategy, is tailored specifically towards defeating NATO and western influences and protecting its near abroad.

4. Medvedev, Sergei A. “Offense-Defense Theory Analysis of Russian Cyber Capability.” Master’s Thesis, Naval Postgraduate School, 2015. http://calhoun.nps.edu/bitstream/handle/10945/45225/15Mar_Medvedev_Sergei.pdf?sequence=1
5. Wirtz, James J. “Cyber War and Strategic Culture: The Russian Integration of Cyber Power into Grand Strategy.” In Cyber War in Perspective: Russian Aggression against Ukraine, ed. Kenneth Geers, 29-38. Tallinn: NATO CCD COE Publication, 2015. https://ccdcoe.org/sites/default/files/multimedia/pdf/CyberWarinPerspective_Wirtz_03.pdf

(12) The United States has frequently been described by media outlets as a nation under severe cyber attack, but in reality the United States maintains a clear advantage in the realm of cyber. As many leaks and reports have shown, the United States has a wide variety of sophisticated offensive hacking tools that can both obtain information and engage in targeted attacks with little risk of reprisal. For the cyber hegemon, the greatest preoccupation is network security and maintaining its preeminent status. While Russia and China both acknowledge their own weaknesses and seek to tailor their strategies around this deficiency through offensive cyber development, the United States faces the opposite problem.

One major issue with devising defensive strategies of deterrence is the problem of attribution inherent in cyber activities. If Russian hackers can operate out of Nigeria using techniques that are more associated with Chinese government operatives to target critical United States systems, how can network security operatives quickly find the culprits and recommend adequate responses? Legal norms have been suggested as a means of deterring future cyber attacks6; however, this all requires adequate attribution. A more comprehensive deterrence structure would involve technical approaches such as dispersing networks, IP hopping, use of the Cloud, data fractioning, and others, while being able to detect and immediately respond to attackers in asymmetric ways. This would involve keeping active defense measures in place 24 hours a day. This multifaceted approach would deter through difficulty in the act of hacking, and the immediate response that could be expected from a network's defenders7.

6. Lotrionte, Catherine. “A Better Defense: Examining the United States’ New Norms-Based Approach to Cyber Deterrence.” Georgetown Journal of International Affairs Special Cyber Issue, 3rd ed. (January 2014): 71-84. http://journal.georgetown.edu/wpcontent/uploads/2015/07/gjia13007_Lotrionte-CYBER-III.pdf
7. Fahrenkrug, David T. “Countering the Offensive Advantage in Cyberspace: An Integrated

(13) United States cyber power was most evident to the world with the Stuxnet attacks on Iranian nuclear facilities. However, in retrospect, there has been much debate on whether the attacks themselves were valuable and whether these kinetic attacks will be an important aspect of cyber activities in the future. Empirical studies on kinetic attacks flip the common script of weaker powers directly attacking the infrastructure of larger powers. Instead, the high costs and marginal benefits of these attacks reveal that while kinetic attacks are an option for wealthy powers, they often will not have the catastrophic results that many envision8. Rather, these targeted attacks, when taking Stuxnet as the prime example, may marginally slow or hamper a target. The development and operational costs for these targeted attacks will generally outweigh benefits except for top powers like the United States9. However, if the costs of offensive hacks were to decline and defensive measures were not improved, even the United States and its infrastructure would be at risk of sabotage from rival powers10; although it is noted that this power is still out of reach for most operators11. A caveat to also be considered with kinetic attacks is that with clandestine cyber attacks the physical results may not be of the utmost importance. Instead, the messages and changes in perceptions may be the end goal; messages and perceptions that may alter later diplomatic proceedings. This empirical analysis calls into

7. (continued) Defensive Strategy.” Presented at the 4th International Conference on Cyber Conflict, Tallinn, Estonia, 2013. https://ccdcoe.org/cycon/2012/proceedings/fahrenkrug.pdf
8. 9. 10. 11.
Slayton, Rebecca. “What is the Cyber Offense-Defense Balance? Conceptions, Causes, and Assessment.” International Security Vol. 41 Issue 3 (Winter 2016/17): 72-109.
Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies Vol. 22, Issue 3 (2013): 365-404.
Applegate, Scott D. “The Dawn of Kinetic Cyber.” Presented at the 5th International Conference on Cyber Conflict, Tallinn, Estonia, 2013. https://ccdcoe.org/cycon/2013/proceedings/d2r1s4_applegate.pdf
Baylon, Caroline, Roger Brunt, and David Livingstone. “Cyber Security at Civil Nuclear Facilities: Understanding the Risk.” Chatham House. 2015.
Clayton, Blake and Adam Segal. “Addressing Cyber Threats to Oil and Gas Suppliers.” Council on Foreign Relations. 2013.

(14) question future doctrine and strengthens the argument that the future of cyber will not be kinetic and offensive, but rather will focus on espionage and information conflicts while large powers strive to maintain a secure network through an advanced defensive posture.

Cyber and Information War itself has been a subject of debate by academics and industry leaders. Of particular note have been the discussions of whether offense will overwhelm defensive measures or vice versa in the future. Generally speaking, authors agree that it is currently all but impossible to stop cyber incursions from motivated attackers12. While commonality is found with regard to the current power of offensive operators, the most interesting analysis is regarding how embattled states may craft policy to deter hackers. Approaching hacks from a cost/benefit perspective, as suggested by Nye13, as opposed to purely from an absolute power dynamic would be an appropriate approach in researching what may lead to a more stable world. Many authors will analyze singular factors that may lead to deterrence, such as legislation, norms, active defense, and others; however, Nye and Slayton have offered cumulative studies that illustrate the subtlety of cyber operations.

It is likely that in the coming years, as this research becomes more advanced and political scientists more aware of technological advances, the literature will become more focused on the gray areas that make cyber and deterrence so difficult to reconcile when compared to nuclear and conventional weapons. In particular, a focus on the need for a combination of policies to provide adequate

12. 13.
Junio, Timothy J. “How Probable is Cyber War? Bringing IR Theory Back in to the Cyber Conflict Debate.” Journal of Strategic Studies, (2013).
Libicki, Martin C., Lillian Ablon, Timm Webb. “The Defender’s Dilemma: Charting a Course Toward Cybersecurity.” RAND Corporation. 2016.
Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security Vol. 41 Issue 3 (Winter 2016/17): 44-71.

(15) deterrence as opposed to simply more offensive capabilities, active defenses, or international norms individually. Lastly, as mentioned by Nye, attempts at complete deterrence will likely change and researchers may engage with models from other disciplines, such as public health models, in dealing with illicit cyber activity, focusing on gradual harm reduction instead of complete deterrence.

Some authors, discussing policy, have suggested a more “active defense” that acts as a primary deterrent14. This policy has also been criticized because of attribution issues and risks arising from too hawkish a stance, amongst others15. Other authors have offered research on using norms building and legislation to respond to cyber attacks and/or espionage and deter future attacks16. However, the best simple and quick policy options would likely be further research on and hardening of local networks and, more importantly, proper training for staff in handling sensitive materials. Many hacks are the result of human error, and are as simple as using an infected USB stick or clicking on a spam e-mail. This avenue would likely offer the most immediate results, given the rudimentary means that many hackers are using to infect even secure networks.

Cyberwarfare will continue to gain importance as each year passes, and every nation state

14. 15. 16.
Rivera, Jason, and Forrest Hare. “The Deployment of Attribution Agnostic Cyberdefense Constructs and Internally Based Cyberthreat Countermeasures.” Presented at the 6th International Conference on Cyber Conflict, Tallinn, Estonia.
Geist, Edward. “Deterrence Stability in the Cyber Age.” Strategic Studies Quarterly, (Winter 2015): 44-62.
Hathaway, Oona A. “The Drawbacks and Dangers of Active Defense.” Presented at the 6th International Conference on Cyber Conflict, Tallinn, Estonia, 2014.
Demchak, Chris C. and Peter J. Dombrowski. “Rise of a Cybered Westphalian Age.” Strategic Studies Quarterly, (Spring 2011): 31-62.
Buchan, Russell. “The International Legal Regulation of State-Sponsored Cyber Espionage.” In International Cyber Norms: Legal, Policy & Industry Perspectives, edited by Anna-Maria Osula and Henry Rõigas, 65-86. Tallinn: NATO CCD COE Publication, 2016.

(16) will devise their own cyber-strategy tailored towards their own goals. The Russian and United States cases show that different material and historical circumstances will affect policy in this regard, in addition to perceptions of power disparities. Of most interest, however, is how advancements in the United States may tip the balance from an offensive-focused cyber paradigm to one that more explicitly favors defense and may one day lead to the development of a legal-norms-based and holistic approach to cyber incursions that may act as an adequate deterrent.

(17) Chapter 2 Theoretical Framework

The following chapter will first introduce deterrence theory and explain the reasoning for its importance to the topic. Following a general discussion of deterrence theory, specific aspects devised by Joseph Nye will be contextualized into a cyber paradigm. The author will then explain how these aspects will be used in this analysis. Next, the author will note and describe the specific qualitative methods used in this paper and the variety of sources used and why. Last will be a short section on technical aspects of the subject.

2.1 Deterrence Theory

The author will approach the question of the paper (how will United States cyber policy change in the future, and will the policy changes be more offensively or defensively oriented?) with the aid of Deterrence Theory. Deterrence Theory has been discussed and debated for hundreds of years; however, it gained great significance during the Cold War. Of particular significance was the idea of a nuclear powered state fending off the aggressions of a non-nuclear and otherwise significantly more powerful enemy state. Thomas Schelling's work, Arms and Influence, contributed greatly to Deterrence theory, arguing that in modern day international relations, military strategy now included concepts of coercion, intimidation, and deterrence.17 Further, many theorists would approach Deterrence using Rational Choice theory and especially Game Theory modeling. It was from these approaches that many scholars would engage in studies of arms control and nuclear stockpiles, which would lead to further studies, quantitative and qualitative, on first-strike, second-strike capabilities and so on. The end of the 20th century and the Cold War provided a fertile ground for this research, as the International Community was

17. Schelling, Thomas C. Arms and Influence. Yale University Press, 1966. http://www.jstor.org/stable/j.ctt5vm52s.

(18) split between East and West. This allowed for academics to assume rationality on the part of the United States and the Soviet Union, respectively, as both powers were seeking similar goals.

However, Deterrence theory has faced frequent criticisms throughout the 20th and 21st centuries. Some of the most common include: the situation wherein an irrational opponent cannot be deterred outright; the situation where one nation attempts to gain a surprise first-strike advantage over its opponent; that diplomatic bungling may lead to increased perceptions and misconceptions of threat, which may lead to an arms race, an inefficient result; and that heightened perceived threats would allow governments to impose measures on their citizenry such as limitations on civil liberties, increased deficits and taxes, and the creation of a military-industrial complex.

Much modern criticism has focused on the irrationality of many threats. For example, as suicide bombings and ideological conflicts have become the new normal, these opponents are unlikely to be deterred by traditional means. As a result, many states have reduced their nuclear stockpiles and pursued a policy of minimal deterrence, where only enough of a stockpile is maintained to prevent attacks.18 This is in contrast to mutually assured destruction, where any attack would lead to a retaliation using full force. Further, as conflicts have become more and more regional, nuclear weapons have less deterrence value compared to in a conflict like the Cold War. Some analysts now see the nuclear age as passing, and cyber taking its place.19 In particular, the destructive power of various hacks and the damage that could be wrought on a domestic audience if classified documents were released that altered political

18. Kristensen, Hans M., Norris, Robert S., and Ivan Oelrich. “From Counterforce to Minimal Deterrence: A New Nuclear Policy on the Path Toward Eliminating Nuclear Weapons.” Federation of American Scientists and The Natural Resources Defense Council. Occasional Paper No. 7. April 2009. https://fas.org/pubs/_docs/occasionalpaper7.pdf
19. Virilio, Paul. "The Kosovo War Took Place in Orbital Space." Interview by John Armitage. CTheory. October 18, 2000. Accessed March 26, 2018. http://www.ctheory.net/articles.aspx?id=132.

(19) processes. It is then timely to note that the 2016 United States election was mired in this sort of controversy. From this, it seems important to approach deterrence in a different and more evolved manner. In particular, focusing not on the assured destructive capabilities of nuclear weapons but on the longer term and more subtle damage that cyber operations can inflict. 2.2 Deterrence Theory and Cyber Context The author will approach deterrence in the cyber realm in a similar fashion to the earlier mentioned Joseph Nye article; in particular disregarding fanciful ideas of total prevention and focusing on a reduction of incursions and dissuasion. Nye lists “four major mechanisms to reduce and prevent adverse actions in cyberspace: threat of punishment, denial by defense, entanglement, and normative taboos,” and also notes the latter two are not strictly considered deterrence; although views them as important and useful from a policy perspective. Punishments are the direct retaliatory use of force against aggressors, or more accurately, the threat of retaliation that will deter aggression. Punishment in the cyber realm is also the most difficult as a result of attribution issues and, in the United States, a reticence to reveal offensive capabilities to the general public. However, while deterrence through punishment is difficult and frequently criticized in cyberspace, it is still a valid option and may grow in importance if attribution capabilities also improve. Denial by defense as deterrence is increasingly gaining in importance as cyber operations are approached in less absolute terms. Hardening of important systems and developing resilience and recovery capabilities changes the value judgements of attackers. Where previously cyber operations may have been effective and cost efficient, if cyber defenses improve then future. 15. DOI:10.6814/THE.NCCU.IMPIS.010.2018.A06.

(20) attackers may be dissuaded due to the low chances of success. Further, if systems are hardened and easily recoverable, there is even less value in aggressive infiltration operations and the risks to the attackers of retaliation further alter the calculations. Nye discusses this aspect of deterrence in cyber by bringing up disparate fields, such as public health models, where proper “cyber hygiene” may aid in preventing unsophisticated hackers from affecting important systems. While more sophisticated attacks may get through, if the majority can be prevented through improved defensive measures that is progress. In addition to mechanisms of classical deterrence, Nye also looks to Glenn Snyder's definition and concept of “Broad Deterrence” that includes ideas of entanglement and norms. Entanglement, as used by Nye, “refers to the existence of various interdependencies that make a successful attack simultaneously impose serious costs on the attacker as well as the victim.” An example in the world of cyber would include a hostile power not engaging in aggressive cyber operations due to the value of the internet and a global open cyberspace to their economy. There are examples of this phenomenon occurring in other areas as well, particularly between great states that are competing economically and militarily. This additional factor is interesting to examine when analyzing the future of cyber, the internet, and economies. As the internet and technology contributes more and more to economies around the world, entanglement may reduce state sponsored operations in favor of fostering an open and profitable environment. Norms and taboos are in the earliest stages of development with regards to cyber. Past examples in history would be with regards to nuclear weapons. While tactical nuclear weapons and miniaturized versions were considered for conventional usage, over time the concept fell out. 16. DOI:10.6814/THE.NCCU.IMPIS.010.2018.A06.

(21) of favor and in the present nuclear weapons are seen as a last resort option that should never be used except for in the rarest of instances. If a state were to use nuclear weapons, unless circumstances were dire, they would assuredly receive international condemnation. Cyber may also develop these elements if nation states take the lead to proactively put limits on how cyber will be used in the future. Similarities could be seen to biological and chemical weapons bans and agreements, where while some actors did maintain and use them, they were considered to be largely taboo in the international community. The United States and Chinese governments have offered international legislation in this direction, although currently there is still little beyond the beginnings of norms development. From this theoretical approach, the author will analyze the respective subjects and their unique cases. In the case of the United States, there are also points that may be examined through this framework. Threat of punishment has developed a growing group of supporters in the United States, and it all ties into how attribution technology will develop to aid in this strategy. Denial by defense has also been improving, as a new cyber posture is developing in the United States armed forces and new technology is being rolled out for this specific purpose. Entanglement may be seen in how the United States approaches its interactions with Russia, and other major states, to deter future hacks. For example, direct negotiations with foreign officials on this subject, and in particular China.20 Lastly, the United States has been involved in developing norms and taboos with foreign powers to reduce cyber incursions, especially with China because of the strong economic ties found between the two nations.. Harold, Scott W. "The U.S.-China Cyber Agreement: A Good First Step." The Rand Blog (blog), August 1, 2016. Accessed March 26, 2018. 
https://www.rand.org/blog/2016/08/the-us-china-cyber-agreement-a-good-first-step.html. 20. 17. DOI:10.6814/THE.NCCU.IMPIS.010.2018.A06.

In the case of Russia, one can examine all four points. Regarding threats of punishment, it is most interesting to examine how Russia has used cyber to undermine traditional notions of deterrence by its geopolitical rivals.21 Further, it has maintained cyber capabilities that likely prevent operations from rivals such as Ukraine and Georgia. Russia has also managed to break through many states' defenses, leaving many scrambling to develop better denial capabilities. Entanglement is also likely at play, preventing Russian operatives from engaging in direct kinetic cyber operations in already compromised systems, for example in Ukraine.22 Norms and taboos may also be involved, as Russian operatives are not known for kinetic operations. This may be because of an inherent fear of reprisals in that regard. The author will more fully elucidate all of these points in each state's respective chapter.

21. Wirtz, James J. “Cyber War and Strategic Culture: The Russian Integration of Cyber Power into Grand Strategy.” In Cyber War in Perspective: Russian Aggression against Ukraine, ed. Kenneth Geers, 29-38. Tallinn: NATO CCD COE Publication, 2015. https://ccdcoe.org/sites/default/files/multimedia/pdf/CyberWarinPerspective_Wirtz_03.pdf
22. Roigas, Henry. “The Ukraine Crisis as a Test for Proposed Cyber Norms.” In Cyber War in Perspective: Russian Aggression against Ukraine, ed. Kenneth Geers, 135-144. Tallinn: NATO CCD COE Publication, 2015. https://ccdcoe.org/sites/default/files/multimedia/pdf/CyberWarinPerspective_Roigas_15.pdf.

2.3 Research Methods

The author will approach this research qualitatively, focusing on cases involving Russian and United States cyber operations. These subjects are, along with North Korea and China, some of the most powerful and visible cyber players in the world. As such, there is a wealth of history and research on specific events and on these states' respective cyber postures and infrastructures.

In particular, the author will be examining Russian cyber operations during the Estonian Cyber Attacks, the Russo-Georgian War, and the conflicts in Ukraine and Crimea. Russian cyber operations are important to analyze because they are some of the only examples that have occurred in hot conflicts. Further, the methods used by Russian operatives are arguably designed to degrade and weaken previous notions of deterrence in Eastern Europe and to degrade and weaken any opponents to Russian preeminence in their near abroad. This aspect of Russian cyber operations directly allows for further discussions of deterrence and how it will operate and be used in a new and developing cyber paradigm.

The author will also be examining United States operations and, in particular, how United States cyber policy has shifted to account for a changing Russian threat. An interesting aspect of the relations between the United States and Russia has been a long-studied history of conflict. To simplify, the later stages of the 20th century were shaped by the Cold War and the competition between the West and the East. In particular, modern deterrence studies emerged from this competition, and were further bolstered by the nuclear bomb and its coinciding fears. Now, new technologies are emerging that raise further questions regarding the viability of deterrence and what the relationship between the United States and Russia will look like in the future.

In addition, the United States approach to cyber is vastly different from its Russian counterpart. Russian operations are often more based on a concept of Information Warfare and propaganda.23 In contrast, United States operations owe more to Clausewitzian concepts of decisive battles and have involved direct kinetic attacks, one of the top examples being the Stuxnet computer worm that targeted Iranian nuclear facilities. This computer worm was precisely targeted and destructive in its intent. This differs greatly from Russian Information and Propaganda operations.

23. Giles, Keir, “Russia’s Public Stance on Cyberspace Issues,” presented at the 4th International Conference on Cyber Conflict, Tallinn: Cooperative Cyber Defense Centre of Excellence (2012): 63-74, https://ccdcoe.org/publications/2012proceedings/2_1_Giles_RussiasPublicStanceOnCyberInformationWarfare.pdf.

However, as technology improves, conceptions of Cyber are changing. Past operations have, as stated, conformed to prior ideologies of warfare that were also culturally biased. For example, Russian Cyber operations have largely been based on controlling and manipulating information. This Information Warfare has been a key strategy since the Soviet era, and continues to the present, even going as far as potentially affecting United States electoral proceedings. In contrast, United States operations have been more kinetic and often used to support combat operations. Further, these operations were placed within conventional warfare and diplomatic paradigms. The new technology was an additional tool, not yet causing paradigm shifts of its own. However, as technology continues to improve, cyber may break away further and begin to change previous paradigms, similar to airpower in the early 20th century alluded to earlier in this paper. The United States and Russia are two of the leading actors in cyberspace, and as a result are the best subjects of study to determine whether Cyber is changing and how ideas of deterrence may or may not be changed.

2.4 Sources

This paper will make use of a variety of sources, primary and secondary. It must be noted, however, that due to the constantly changing and also clandestine nature of current cyber operations, official government documents are scant, and in many cases third-party research groups and individual scholars are providing the bulk of useful information. For example, the United States has an official Cyber Command and issues reports and public information regarding doctrine and, rarely, capabilities.24 In contrast, the Russian state apparatus is much more tight-lipped, and it falls to the aforementioned third-party research groups to provide adequate information for analysis.25 When analyzing Russian operations it is possible to look to past doctrines and documents for guidance. For example, because Cyber is still viewed within older paradigms, it is possible to use notes on Information Warfare and Propaganda to assist in understanding how Cyber is currently being used and may be used in the future by Russian operatives.26 The United States, while being much more public in its Cyber operations, is also similar. There is a large history of intelligence operations and military doctrines that provide a framework for analyzing current Cyber operations. However, as noted earlier, as paradigms change this prior history may no longer be relevant in analyzing cyber and its effects on policy.

24. "U.S. Cyber Command (USCYBERCOM)." United States Strategic Command. September 30, 2016. Accessed March 27, 2018. http://www.stratcom.mil/Media/Factsheets/Factsheet-View/Article/960492/us-cyber-command-uscybercom/.
25. Giles, Keir. “’Information Troops’ – a Russian Cyber Command?”.
26. Heickerö, Roland. (2018). FOI Emerging Cyber Threats and Russian Views on Information Warfare and Information Operations.

Outside of official documents, the secondary sources will comprise a variety of research groups, think tanks, and commercial groups. The author will frequently make use of analysis from The Tallinn Manual,27 an ongoing study on how international law applies to cyber conflicts and cyber wars. The research group is composed of a variety of subject matter experts and led by Professor Michael N. Schmitt, professor at the United States Naval War College and the University of Exeter; other contributors include various academics from the United States and Europe, United Kingdom Royal Air Force officers, Canadian military officials, and United States military officials. Prior to its initial publication, the Tallinn Manual was peer-reviewed by fellow international legal scholars. The Tallinn Manual was written at the invitation of the NATO Cooperative Cyber Defense Centre of Excellence, although the study and views contained within are considered independent of official NATO policy. The Tallinn Manual is an important source of information because it is one of the first attempts at studying the legal dimensions of Cyber Conflict and how to apply international law to these matters. In 2017 a Tallinn Manual 2.0 was released, focusing on Cyber legality questions below the level of destructive conflict.28

27. Schmitt, Michael N. Tallinn Manual on the International Law Applicable to Cyber Warfare. Cambridge: Cambridge University Press, 2013. doi:10.1017/CBO9781139169288.
28. Schmitt, Michael N. Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. Cambridge: Cambridge University Press, 2017. doi:10.1017/9781316822524.

The author will make use of peer-reviewed articles focusing on more theoretical and less technical aspects of Cyber and its changing paradigms. Some of the journals included will be Strategic Studies Quarterly, the Journal of Strategic Studies, Security Studies, International Security, and others. These articles will offer both a broader analysis of Cyber operations and how they relate to theory and a narrower analysis of specific cases and events. In particular, when examining Deterrence and how it will operate in a Cyber paradigm, these articles will be extremely useful.

However, because of the technical nature of Cyber operations and the generally less technically savvy nature of Political Science and International Relations, there cannot be a complete understanding of the subject without also engaging with technical experts and computer science experts. That is the primary deficiency of engaging purely with Social Science on this subject. The author will make use of more technical journals to bridge this gap. Some of these will include Network Security, Computers & Security, and IEEE Security & Privacy, amongst others. The goal will be to bridge the gap between hard and soft sciences as well as possible.

As alluded to, the author will also make use of various commercial technical reports on hacks and various other cyber operations. One of the most cited companies will be FireEye, Inc. FireEye is an American cybersecurity company that provides security products and services against more advanced threats. The company has also been hired to research high-profile hacks of companies such as Sony Pictures, Target, and JP Morgan Chase, amongst others. FireEye is also known for publishing Advanced Persistent Threat reports. These APT reports analyze hacking operations waged by nation states, and have exposed North Korean, Iranian, Russian, and Chinese operations.29 The APT 28 report, in particular, sheds much light on current Russian cyber operations and their technical attributes.30 Also of note, the FireEye researchers often collaborate with universities and governments in their assignments.

29. "Advanced Persistent Threat Groups." FireEye. Accessed March 27, 2018. https://www.fireeye.com/current-threats/apt-groups.html.
30. APT28—A Window Into Russia’s Cyber Espionage Operations?. Special Report. FireEye, 2014. https://www2.fireeye.com/apt28.html.

2.5 Technical Discussion and Problems

The technical nature of this subject results in some unique features that require explanation. When analyzing Cyber operations, it is important to understand the various means that are used to complete objectives and how sophisticated operators may differ from amateurs. For amateurs, the goal is often to cause havoc for individual amusement, support a greater cause, or possibly seek monetary gains through illicit means. These operators will often make use of more rudimentary tools, such as various types of malware, or rudimentary methods, such as phishing, to achieve their goals. Phishing is an attempt to obtain sensitive information online by disguising oneself as a trustworthy entity. The more advanced form is known as Spear-Phishing, where entities attempt to obtain sensitive information from specific targets. It is common for hackers to use false emails or websites to gather this information. In some cases, however, these amateur users may receive more advanced hacking tools from separate entities. For example, this has been an alleged practice of Russian government officers: dispersing more advanced tools to the public in order to achieve geopolitical objectives.31

More advanced criminal groups generally operate with the goal of enriching themselves financially, although some nation states will allegedly do the same.32 Often operations involve targeting the personal information of customers of large corporations. Once breached, this data may be sold on the black market. This has occurred frequently in the past decade to major companies such as Target, Yahoo, and Equifax. In addition, criminal groups may seek out exploits and design their own hacks, which they may then sell for a profit on the black market.

31. Bumgarner, John and Scott Borg, “Overview by the US-CCU of the Cyber Campaign against Georgia in August of 2008” United States Cyber Consequences Unit, August, 2009, http://www.registan.net/wp-content/uploads/2009/08/US-CCU-Georgia-Cyber-Campaign-Overview.pdf.
32. Cordesman, Anthony H. with the assistance of Charles Ayers. Korean Special, Asymmetric, and Paramilitary Forces. Washington, DC: Center for Strategic and International Studies, 2016. 29. https://csis-prod.s3.amazonaws.com/s3fs-public/publication/160809_Korean_Special_Asymmetric_Paramilitary_Forces.pdf.

Nation states will differ from individuals and unaffiliated groups in terms of why and how they engage in cyber operations. For the why, nation states generally have some geopolitical goals that motivate their cyber operations. For example, Russian operatives may want to destabilize unfriendly neighbors or add another layer of plausible deniability to their operations. On the other hand, United States operatives may directly target specific items for destruction through kinetic means, as was the case in Iran. Generally speaking, the why is simply to pursue national interests. The how is where differences appear. These differences may result from disparities in technical abilities, and even cultural aspects may affect how cyber operations are undertaken by separate nations.

The United States and its level of technical prowess is difficult to properly contextualize. One example of the high level of technical abilities can be found in the EternalBlue exploit developed by the National Security Agency.33 This exploit, targeting all Microsoft Windows versions prior to 8, was initially used to gather intelligence from targets worldwide. While extremely successful in this mission over the course of roughly five years, it was later stolen and released into the wild. This resulted in the subsequent worldwide spread of the WannaCry virus, which was one of the most disruptive in history. The WannaCry virus was developed using aspects of the EternalBlue exploit, taking advantage of vulnerable Microsoft users, although the goal of this virus was largely financial gain rather than to gather information. Another example would be that of Stuxnet, the computer worm that targeted and disabled Iranian centrifuges in a rare kinetic-style attack. As these varied operations show, the United States is far and away the most dangerous and proficient cyber power in the world.

33. Nakashima, Ellen, and Craig Timberg. "NSA Officials Worried about the Day Its Potent Hacking Tool Would Get Loose. Then It Did." Washington Post, May 16, 2017. Accessed March 24, 2018. https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html?utm_term=.4ec69cfa3812.

Most cyber operations are undertaken by the NSA, and involve cutting-edge exploits to gather sensitive intelligence. A common technique used by NSA researchers involves finding zero-day exploits. These are exploits that take advantage of computer-software vulnerabilities that are completely unknown to those who would be interested in fixing them. This includes the software and computer companies themselves, as seen in the earlier example of EternalBlue, where the NSA exploited Microsoft Windows vulnerabilities without notifying Microsoft.

United States intelligence gathering is further enhanced by programs such as PRISM and MUSCULAR and alliances such as Five Eyes. PRISM is the much-written-about program wherein the NSA gathers data from various United States internet companies such as Yahoo and Google. However, it should be noted that with PRISM, there are legal processes involved in data collection. MUSCULAR is another data collection program wherein the NSA and British Government Communications Headquarters clandestinely broke into communication links that connect data centers for Yahoo and Google. MUSCULAR requires no warrants because of its clandestine nature and as a result has collected twice as many data points when compared to PRISM.34 These are only some of the programs that have come to light; it would be unlikely for there not to be other intelligence gathering programs active. Five Eyes is an intelligence alliance composed of Australia, Canada, New Zealand, the United Kingdom, and the United States. It is one of the most comprehensive and successful intelligence gathering alliances in the world, and Five Eyes nations jointly run intelligence gathering programs such as PRISM and MUSCULAR.

34. Gellman, Barton, and Ashkan Soltani. "NSA Infiltrates Links to Yahoo, Google Data Centers Worldwide, Snowden Documents Say." Washington Post, October 30, 2013. Accessed March 24, 2018. https://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?utm_term=.12576195b082.

In addition to intelligence collection through zero-day exploits, the United States has also shown an ability to engage in kinetic-style attacks when needed. The most famous example of this is found in the Stuxnet worm, previously mentioned. The Stuxnet worm was developed to target Iranian nuclear centrifuges, and ultimately infected hundreds of thousands of computers and caused 1,000 machines to be damaged. The design of the worm itself made use of zero-day exploits; however, its introduction to Iranian computers was likely carried out through an infected USB disk. A computer worm is a self-replicating computer program that may spread to other devices and, when spread, executes commands. In the case of Stuxnet, this was to manipulate centrifuge operating systems and cause direct damage.

Lastly, the United States likely has its own Advanced Persistent Threats targeting various nations. An Advanced Persistent Threat is a long-term stealth hack, wherein operators work on a normal schedule to discreetly retrieve data from the target. The term itself may refer to traditional espionage or attacks, but generally is used to refer to long-term intelligence missions. Targets may range from governments to private businesses. Most current writing will refer to Russian and Chinese led Advanced Persistent Threats that have been discovered, although it would be hard to discount the strong possibility of United States operators engaging in this approach as well.

Russian approaches to cyber operations have so far differed from United States approaches. This is likely due to separate geopolitical objectives, as well as a historical context that does not separate cyber operations from conventional operations as clearly as its American counterparts. There are two primary types of operations that have become signatures of Russian intelligence in the past decades. The first has been waging Information War, which in combination with other operations becomes the trademark Hybrid Warfare. Russian operatives are known for manipulating ingoing and outgoing information from target areas along with conventional and irregular combat operations to pursue national interests without attribution and/or retribution. Examples of this approach are common in the past decades, culminating in Ukraine, where Russian forces were able to disguise and muddy available intelligence long enough to establish boots on the ground. The cyber aspect of this Hybrid Warfare owes much to the Soviet legacy of Information Warfare and propaganda. Russian forces use cyber methods such as fake news and other types of subversion through the mass media to influence various populaces.

A second important type of operation is the previously mentioned Advanced Persistent Threat. One of the most famous is known as Cozy Bear, or advanced persistent threat APT29. APT29 was implicated in the spear-phishing campaign against the Pentagon in 2015, the Democratic National Committee hacks in 2016, and in attempting to hack into various other government databases.35 Russian APTs are, along with Chinese, considered some of the most proficient in the world.

35. HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Special Report. FireEye, 2015. https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf.

In a cyber landscape that sees security threats growing in number each year, it is more important than ever to pursue adequate defensive measures. The easiest way to immediately see defensive gains is through simple cyber hygiene. This involves frequent internal educational programs and testing for government workers. Developing awareness of what Phishing is and why to avoid strange USB sticks or other possibly compromised materials would help the most in the short term. In the medium term, developing a strong defensive cyber posture would help greatly in reducing incursions. This would be a result of multiple factors. Firstly, a more secure network will inherently ward off attack attempts because of the time required to penetrate secure systems; that time would be better spent pursuing other objectives. Secondly, a more secure network would simply be harder to penetrate if attempts were made. Long-term, accurate attribution of attackers would tip the balance further towards the defender. If hostile operators were able to be identified and shamed, this would cut down on attempts because there would be an inherent risk associated with hacking. Currently, there is a small element of risk, but attribution technology has not advanced enough to consistently attribute hacks to the hackers in a timely manner.

Attribution is one of the largest problems facing network security experts. There are currently several ways to attribute an attack. One involves analyzing the source data, such as the IP addresses of the attackers or even emails. However, this information can easily be falsified to provide a false trail. Another involves analyzing the actual programming of the malicious software. For example, maybe the software was written on a Cyrillic keyboard, linking the attacks to Russian operatives. However, again, this is information that could be planted to provide a false trail for forensic analysts. A third option involves analyzing the behavior of the attackers. For example, if the attacker is an Advanced Persistent Threat and consistently operates during regular government business hours in China, it is likely of Chinese origin. Another option involves analyzing what was attacked or what data was taken. Sensitive financial information likely leads to criminal enterprises, whereas sensitive personal information on specific government officials would likely lead to a nation-state actor. Lastly, analysts may consider larger geopolitical factors in attributing hacks. For example, if a regime is currently under harsh sanctions and needs untraceable liquid assets, it may target bitcoin repositories or attempt to find other means of obtaining financial assets.

Attribution currently is largely a guessing game and highly speculative, as it is extremely difficult to completely and conclusively attribute attacks. Without conclusive evidence of wrongdoing, it is impossible to punish a transgressor, and without any forms of penalty for cyber wrongdoing attackers will continue to operate with relative impunity. Further, when it is borderline impossible to conclusively attribute certain operations to certain nations, this impacts how security and threat reports may be analyzed by scholars.
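The behavioral method from the attribution discussion in section 2.5 (inferring origin from an actor's working hours) can be sketched as follows; this is an added illustration, not part of the thesis. It scores each UTC offset by the share of observed activity that falls in weekday office hours and returns every offset that fits about equally well. The timestamps are constructed, and the 09:00-18:00 window and all function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

WORK_START, WORK_END = 9, 18   # assumed office hours, local clock
MONDAY = datetime(2018, 3, 5, tzinfo=timezone.utc)  # constructed start date (a Monday)


def office_hours_fraction(events_utc, offset_hours):
    """Share of events that land on Mon-Fri office hours at the given UTC offset."""
    if not events_utc:
        return 0.0
    shift = timedelta(hours=offset_hours)
    hits = 0
    for ts in events_utc:
        local = ts + shift  # wall-clock time the operator would have seen
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(events_utc)


def rank_offsets(events_utc, offsets=range(-12, 15)):
    """(score, offset) pairs, best score first; ties ordered by offset."""
    scored = [(office_hours_fraction(events_utc, off), off) for off in offsets]
    return sorted(scored, key=lambda pair: (-pair[0], pair[1]))


def candidate_offsets(events_utc, tolerance=0.05):
    """Every offset scoring within `tolerance` of the best one.

    Returning a band instead of a single winner keeps the analyst honest:
    a wide band means the activity pattern does not single out a region.
    """
    ranked = rank_offsets(events_utc)
    best = ranked[0][0]
    return sorted(off for score, off in ranked if best - score <= tolerance)


def constructed_events(offset_hours, days=14):
    """Constructed sample: hourly activity during office hours in one zone,
    plus a late-night event every third day as noise. Returned in UTC."""
    to_utc = timedelta(hours=offset_hours)
    events = []
    for d in range(days):
        for h in range(WORK_START, WORK_END):
            local = MONDAY + timedelta(days=d, hours=h)
            if local.weekday() < 5:
                events.append(local - to_utc)
        if d % 3 == 0:
            events.append(MONDAY + timedelta(days=d, hours=23) - to_utc)
    return events


def sparse_events():
    """Constructed sample: only two sightings per weekday, at 04:00 and 05:00 UTC."""
    return [MONDAY + timedelta(days=d, hours=h) for d in range(5) for h in (4, 5)]


if __name__ == "__main__":
    dense = constructed_events(8)
    print("dense sample, top three:", rank_offsets(dense)[:3])
    print("dense sample, candidates:", candidate_offsets(dense))
    print("sparse sample, candidates:", candidate_offsets(sparse_events()))
```

With two weeks of dense activity the heuristic narrows to a single offset, but the sparse sample fits eight adjacent offsets equally well, and each offset covers many countries. The output is one input to an attribution judgement, consistent with the thesis's point that such indicators are not conclusive.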

Chapter 3 The United States

The United States currently finds itself as the preeminent cyber power. This status has come about thanks to decades of research and development. Beginning in the 1960s, computer scientists began to explore new ideas that would become the foundation of the modern internet. One of the most important iterations was the Advanced Research Projects Agency Network, also dubbed ARPANET. This project was initially tasked with connecting academic and military networks around the United States and later the world. It quickly flourished and added more members throughout the 1970s and 1980s, largely consisting of universities and government hosts. Meanwhile, network designs were also being further developed, and the Internet Protocol Suite we use today appeared. The Internet Protocol Suite is the model and set of protocols that are used on the internet. Essentially, the Internet Protocol Suite, or TCP/IP, determines how data should be transmitted and received. In 1982, the Internet Protocol Suite was standardized, allowing for worldwide proliferation of interconnected networks.

At its core, the internet and modern networking owes much to the United States military and its support. Its development was thanks to Department of Defense funding, and while its later iterations were less focused in scope, initially the concept was developed with the Cold War in mind.36 This American focus on technology and its military uses would be clear in the latter stages of the 20th century and into the 21st.

36. “Paul Baran and the Origins of the Internet.” Rand Corporation. https://www.rand.org/about/history/baran.list.html.

The First Gulf War in many ways introduced the world to modern warfare. The United States military, after heavy reorganizations and rethinking following Vietnam, and its allies repelled Iraqi forces from Kuwait and dominated the tactical landscape with extremely low casualties. This was thanks to a number of reasons that have been discussed and debated at length, and one of the key reasons cited has been technological developments and how they have been integrated into United States military operations.37 The United States and its coalition allies in Iraq were able to establish complete air superiority, monitor Iraqi forces, communicate between themselves, and spy on Iraqi communications with impunity. Essentially, coalition forces had developed technology that eliminated one of the most dangerous aspects of warfare, the Fog of War. The incredible success of the campaign would put the world on notice regarding how wars would be fought in the future.

37. Biddle, Stephen. “The Gulf War Debate Redux: Why Skill and Technology Are the Right Answer.” International Security 22, no. 2 (1997): 163-174. doi:10.2307/2539372 https://www.jstor.org/stable/2539372?seq=1#page_scan_tab_contents; Gene I. Rochlin & Chris C. Demchak (2008) The Gulf war: technological and organizational implications, Survival, 33:3, 260-273, DOI: 10.1080/00396339108442594 https://www.tandfonline.com/doi/abs/10.1080/00396339108442594?journalCode=tsur20.

In 1999, NATO countries began a bombing campaign during the Kosovo War. This campaign would result in a NATO tactical victory; however, the political ramifications would extend to the present. Specifically, the NATO bombing campaign was not cleared by the United Nations Security Council, with Russia and China vetoing operations.38 As a result, this was the first instance of NATO using military force without United Nations Security Council approval. More importantly, western actions in this politically sensitive region would make clear to Russian policy-makers that they could not rely on goodwill and international organizations to prevent possible incursions into their own near abroad; in addition, the technological superiority of western forces would impose a greater threat to Russian interests as time went on, if a strategy was not devised to counter these actors.

38. United Nations. Security Council. "SECURITY COUNCIL REJECTS DEMAND FOR CESSATION OF USE OF FORCE AGAINST FEDERAL REPUBLIC OF YUGOSLAVIA." News release, March 26, 1999. https://www.un.org/press/en/1999/19990326.sc6659.html.

Russia would go through stages of warmer and colder relations with the United States in

(37) the early 2000s, however, perceived incursions and transgressions would ultimately lead Russian policy-makers to regard the United States as unreliable and potentially undermining of its longterm goals. Some important factors that may have lead to these perceptions and results of them include the second Gulf War, United States support of regimes unfriendly to Russia in its nearabroad, and United States military basing in Central Asia. The second Gulf War likely contributed further to international perceptions of the United States as an unstable and arrogant actor because, like the bombing campaign during the Kosovo War, the second Gulf War was not endorsed by the United Nations.39 The United States in the latter stages of the first decade of the 21st century was also quite openly supporting countries that challenged Russian primacy in its near-abroad. Examples of these would include Georgia and Ukraine, states that both would face Russian backlashes.40 Lastly, with regards to military basing, a clear example of conflict between Russia and the United States can be found in Kyrgyzstan. Initially, the United States, as part of its Operation Enduring Freedom war on terrorism, was allowed to lease Manas Air Base, near Bishkek. However, following years of colder relations and a Russian push for primacy in its Near Abroad, the base was closed in 2014. This was the last base to be closed in Central Asia, and to many indicated a political shift in the region from the United States to Russia.41 As noted earlier, Russian assertiveness would increase over time and its methods of 39. "Iraq War Illegal, Says Annan." BBC News. September 16, 2004. http://news.bbc.co.uk/2/hi/middle_east/3661134.stm.. 40. Kuzio, Taras. (2005). Russian Policy toward Ukraine during Elections. Demokratizatsiya: The Journal of Postsoviet Democratization. 13. 491-517. 10.3200/Demo.13.4.491-518 http://www.taraskuzio.com/International%20Relations_files/russia_elections_ukraine.pdf. Zunes, Stephen. 
"U.S. Role in Georgia Crisis." Foreign Policy in Focus. August 14, 2008. https://fpif.org/us_role_in_georgia_crisis/. 41 Dzyubenko, Olga. "U.S. Vacates Base in Central Asia as Russia's Clout Rises." Reuters. June 3, 2014. https://www.reuters.com/article/us-kyrgyzstan-usa-manas/u-s-vacates-base-in-central-asia-as-russias-clout-risesidUSKBN0EE1LH20140603.. 33. DOI:10.6814/THE.NCCU.IMPIS.010.2018.A06.

(38) containing problematic regimes in its near abroad have become well known. In particular, actions in Ukraine and Crimea have shed light on its usage of Hybrid Warfare. Further, the 2016 United States presidential election has shown the lengths to which Russian operatives will go to attempt to manipulate public opinions through Information Warfare. While the United States is still the preeminent cyber power in the world, the Russian Federation has found its own ways to use technology to challenge United States hegemony. However, the United States and its policymakers are now adapting to this new and challenging cyber environment. In particular, as noted earlier, the author will use aspects of Deterrence Theory to examine and analyze the current adaptations and what may be in store for the future. First, taking United States actions from a Classical Deterrence perspective, Threats of Punishment and Denial by defense will be examined. Threats of Punishment will examine how United States capabilities may or may not be made public, how a new hierarchy of national response (also known as a deterrence ladder) may be used, and how attribution problems will be present whenever punishments are considered. Denial by defense will examine how the United States is investing in upgrading and hardening network infrastructure, embracing proper cyber hygiene, improving network resiliency, and improving surveillance and active defensive measures. All of these investments and research are ultimately being done to alter a simple cost/benefit equation with regards to engaging in clandestine hacking of United States networks. If the costs greatly outweigh the benefits, hostile operators will largely be dissuaded. Attribution problems and their importance to a stronger defensive posture will also be examined. Broad Deterrence will also be examined with Entanglement and Normative Taboos.. 34. DOI:10.6814/THE.NCCU.IMPIS.010.2018.A06.

Entanglement will examine perceptions of costs and benefits of actions, the rise of the Internet, and how more and more dependency may prevent hostile actions on the internet. However, it will be noted that this dependency is not present in all relations. Normative Taboos will discuss reputational costs of illicit online actions, how target acquisitions may change over time, how the rules of law in cyberspace may develop, and how emerging multilateral norms may deter future conflicts.

3.1 Threats of Punishment

United States cyber policies will likely evolve most noticeably and quickly in terms of Classical Deterrence. Beginning with Threats of Punishment, there are clear examples of the United States taking this path to deter hostile cyber operations. These examples may be divided into two approaches: first, revealing or not revealing capabilities to the public, and second, developing and maintaining a new and clear hierarchy of national responses to aggression. However, because of the proactive nature of this approach, attribution problems will be inherent.

There are two examples that highlight the sophistication of United States cyber operations. The first case would be that of the Stuxnet worm. The Stuxnet worm is an extremely advanced and malicious program that was designed to target Iranian nuclear facilities. Work on the worm began in 2005, and initial versions were found in 2007.42 It was a joint operation between the United States and Israel, with an additional goal of preventing overt Israeli strikes that may have sparked further conflict. Stuxnet would also change over time, according to the desires of its creators. Initially, it was a slower acting worm that destroyed equipment in less obvious fashion. In 2009, it was modified to be much more aggressive. As a result of this, it was more quickly

42. Slayton, 95.
