Total Pageviews

Monday, February 25, 2013

An interview with Prof. Alan Chong (RSIS – S. Rajaratnam School of International Studies - Singapore)

by Daniel Ventre (CNRS - CESDIP/GERN; Chair in Cyberdefense and Cybersecurity - Ecoles Militaires de Saint-Cyr Coëtquidan / Sogeti / Thalès)

February 25, 2013

(This article may not be reproduced without the author’s permission)

Alan Chong is Associate Professor at the S. Rajaratnam School of International Studies in Singapore. He has published widely on the notion of soft power and the role of ideas in constructing the international relations of Singapore and Asia. His publications have appeared in The Pacific Review; International Relations of the Asia-Pacific; Asian Survey; East Asia: an International Quarterly; Politics, Religion and Ideology; the Review of International Studies; Alternatives: Global, Local, Political; and the Cambridge Review of International Affairs. He is also the author of Foreign Policy in Global Information Space: Actualizing Soft Power (Palgrave, 2007). He is currently working on several projects exploring the notion of ‘Asian international theory’. More information at: http://www.rsis.edu.sg/grad/faculty-members.htm

Daniel Ventre: Although several definitions of “cyberspace” and “cyberwar” have been proposed (among militaries, governments, researchers…), there is no consensus on the definition of this object/concept. What is your own definition of “cyberspace” and “cyberwar”?  

Alan Chong: Cyberspace refers to that communication space created between two or more connected digital sources. In political terms, it is a space parallel to terrestrial space. Unlike terrestrial space on earth, ‘asymmetries’ in cyberspace are less tangible and do not depend on the possession of natural resources, wide plains and rivers. What matters as strength in cyberspace is the possession and allocation of human talent. Cyberwar would logically refer to military-inspired attempts to disrupt, deny or destroy the electronic resources of the enemy through computer-based means with the aim of attaining military victory.
I would personally prefer the term ‘information operations’ to refer to that whole range of political interventions ranging from the theft of data, deception, disruption, to destruction enabled by electronic computer-based means.  Information operations do not distinguish peacetime from wartime.

DV: According to you, what is the most appropriate approach to analyze/explain/understand cyberconflict (ie. its impact on international relations, the origins of cyberwars, etc.): a constructivist approach, a (neo) realist or neoliberal perspective?

AC: Definitely, a constructivist approach. The operational architecture of cyberspace requires the interaction between the ‘structure’ of electronic pathways and websites connected by multiple nodes, and numerous ‘agents’ in terms of terminals and operators. The design of malware and its corresponding ‘anti-virus’ software require agency-structure co-constitution of anticipated identities and lethalities.
On a conflict scenario level, waging cyberconflict requires the initiator to imagine the enemy’s pre-existing vulnerabilities and planned reactions. The initiator must employ this knowledge in order to retain plausible deniability when challenged in the open media.

DV: How might be described the main conceptual differences between the 1990s’ "information warfare" and today’s "cyberwar"?

AC: The notion of ‘information warfare’ is more accurate, comprehensive, and more flexible than cyberwar, since information warfare includes psychological operations and simple deception strategies. The latter two can also be operated through computerised means. In any case, I would prefer the phrase ‘information operations’ to encompass the widest possible range of strategic operations within, or associated with, computer usage.

DV: Efforts to conceptualize cyberconflict refer to ‘Cold war’ and ‘war on terror’ strategies, policies, concepts (cyber Cold War; cyber deterrence; invisible threat; insider threat; …). What is the most appropriate analogy to analyse cyberconflict: Cold war or War on terror?

AC: The War on Terror is more appropriate as a test case since it involves a whole array of non-state actors who act autonomously from sovereign states. Ideological considerations also factor in the cyber intentions of non-state actors. Using computer terminals, non-state actors can level the global playing field in relation to sovereign states. The Cold War was a largely sovereign state-to-state confrontation.

DV: How is the Singaporean approach of cybersecurity strategies differing from other nations?

AC: As far is it is revealed, the Singaporean cybersecurity approach is based on mostly civilian ‘whole of government/society’ principles. Secondly, the Singaporean approach is also based upon open information sharing at cyber conferences between civilian companies and government agencies. There is also a great deal of information learning between software firms at home and abroad.

DV:  Your research expertise is focused on “soft power” concept. Could you please remind us the definition of this concept and its application in cybersecurity policies/strategies?

AC: Cybersecurity is connected to soft power in the sense that open information sharing on keeping the internet open, stable and dependable for global electronic commerce translates into a form of attracting a ‘noble’, ‘good practices’ community of experts and ordinary computer users into existence. This ‘good practice’ community is transnational and will hopefully transcend nationally-derived political obstacles.



Sunday, February 24, 2013

An interview with Dr. Martin C. Libicki (RAND Corporation) by Daniel Ventre

by Daniel Ventre (CNRS - CESDIP/GERN; Chair in Cyberdefense and Cybersecurity - Ecoles Militaires de Saint-Cyr Coëtquidan / Sogeti / Thalès)

February 20, 2013

(Copyright 2013 Daniel Ventre . This article may not be reproduced without the author’s permission)
 
Daniel Ventre: Although several definitions of “cyberspace” and “cyberwar” have been proposed (among militaries, governments, researchers…), there is no consensus on the definition of this object/concept. What is your own definition of “cyberspace” and “cyberwar”?  

Martin Libicki: Cyberwar should be the use of cyberwarfare (that is, techniques used to usurp the control of computers from their authorized users), in pursuit of politico-military aims (i.e., something that Clausewitz would recognize).  Cyberspace is something that I define like this: it’s the Internet and everything connected to the Internet that is like the Internet. That’s more than a little fuzzy, to be sure.  More to the point, I don’t believe there’s much point to defining cyberspace, in large part because it’s just a conduit to what is more interesting: the systems being hacked.  The emphasis on cyberspace as such is like saying that traffic accidents happen in road-space, or that poison-pen campaigns happen in mail-space.

DV: If we agree that cyberspace is a new domain, what is a « frontier » / « borderline » in it ? Is it really necessary for nation-states to set up virtual frontiers? Is such a project feasible?

ML: The frontier of cyberspace is basically the first router that inbound traffic hits in the country (or the last router that outbound traffic hits); where the wires go is irrelevant.  That formulation does not work if the Internet goes directly from an external source (satellite, RF transmissions) to end-consumers, but that’s a very small share of Internet traffic. States can apply border controls there (it’s feasible, China does it), but the first question in a democratic state is what a state gains by doing so (given that interference with the Internet is unpopular in some quarters and not costless).

DV: According to you, what is the most appropriate approach to analyze/explain/understand cyberconflict (ie. its impact on international relations, the origins of cyberwars, etc.): a constructivist approach, a (neo) realist or neoliberal perspective?

ML: This is probably as good a time as any to note that I was trained in economics, not international relations theory (and so I’m not so qualified to differentiate these terms). But maybe the place to start is with “cyberconflict,” whose meaning I’m unsure of.  We really haven’t seen a true cyberwar.  If cyberconflict means a difference of opinion among states, we have seen tussles about cyberspace in the latest ITU meeting in Dubai.  The West told the ITU: hands off. The other big countries wanted the ITU to support a state’s right to manipulate its citizens’ access to the Internet.  Was the West realist (Western media and the values it projects tend to be more popular with non-Western citizens than the reverse) or idealist (the West believes in its values and wants them propagated)?  Hard to tell.

DV: What are the main conceptual differences between the 1990s’ "information warfare" and today’s "cyberwar"?

ML: Information warfare of the 1990s was a catch-all that included what we now call cyberwarfare but also psychological warfare, command-and-control warfare, and electronic warfare. It also could also include operational security (OPSEC) and military deception (MILDEP).  The overall term evolved to “information operations” circa 1997, but that term is mostly used for psychological warfare and strategic communications today.

DV: Efforts to conceptualize cyberconflict refer to ‘Cold war’ and ‘war on terror’ strategies, policies, concepts (cyber Cold War; cyber deterrence; invisible threat; insider threat; …). What is the most appropriate analogy to analyse cyberconflict: Cold war or War on terror?

ML: Neither, really. The high-tech nature of cyber suggests the Cold War; the lone-wolf potential of cyber suggests the war on terrorism. But neither is a good fit, and, in both cases, for at least one common reason – cyberwar does not really inspire terror (as nuclear weapons do and terrorism aims to).  So far cyberwar has been used for annoyance (Estonia, Georgia), as an aid to military operations (Operation Orchard), and for sabotage (Stuxnet). Note that nuclear weapons have been used for none of them; and terrorism is rarely used for sabotage, as such.  I don’t think we have much choice but to consider cyberwar on its own merits (although some of the questions from the Cold War such as escalation, signalling, confidence-building measures etc. are potentially interesting to place in a cyber context).

News - Newsletter Défense-Sécurité & Parlement

Nouveau numéro de la newsletter "Défense-Sécurité & Parlement", février 2013, dédiée à la cyberdéfense. Dossier "Cyberdéfense: un enjeu mondial, une priorité nationale". Contributions de J.M. Bockel, E. Rihan Cipel, A. Coustilliere, J. Hebrard, J. Ferry, P. Pailloux, M. Quemener, Y. Jounot, O. Bohbot, J.M. Orozco, V. Maldonado, D. Ventre.

Wednesday, February 13, 2013

Report - Finland's Cyber Security Strategy 2013

Finland's Cyber Security Strategy 2013. Government Resolution 24.1.2013. 16 pages.

Reports - Australia's national security 2013

Report. First Australia's National Security report. January 2013. The document identifies the key national security risks and introduces cybersecurity issues:

• Espionage and foreign interference
• Instability in developing and fragile states
• Malicious cyber activity
• Proliferation of weapons of mass destruction
• Serious and organised crime
• State-based conflict or coercion significantly affecting Australia’s interests
• Terrorism and violent extremism




Reports - Cybersecurity Strategy of the E.U

Report. Cybersecurity Strategy of the European Union. European Commission, 7.2.2013, 20 pages

Monday, February 11, 2013

News - Rapport de la NIE: la France (aussi) mènerait des cyberattaques contre les USA...

Un article d'Ellen Nakashima publié dans le Washington Post du 11 février 2013, revient sur un rapport de la NIE (National Intelligence Estimates) en date de quelques jours, lequel pointe une nouvelle fois du doigt les cyberopérations d'espionnage menées par la Chine massivement, mais également par d'autres acteurs comme la Russie, Israël... et la France.
Même si, comme le rapporte Ellen Nakashima, le volume d'opérations menées depuis ces 3 pays fait pâle figure par rapport à la Chine, mention de la France dans la liste des accusés peut être vue comme une forme de réponse du berger à la bergère. En effet, rappelons-nous qu'en novembre dernier, la presse française accusait les américains d'avoir piraté l'Elysée.

Wednesday, February 6, 2013

News - Crisis and Escalation in Cyberwar

New book from Martin Libicki, Crisis and Escalation in Cyberwar, RAND Corportation, 198 pages, 2012. Download : http://www.rand.org/content/dam/rand/pubs/monographs/2012/RAND_MG1215.pdf  This book is based ont he results of a research funded by the 2011 RAND Project Air Force study on "US and Threat Non-Kinetic Capabilities".
"The basic message is simple: Crisis and escalation in cyberspace can be managed as long as policymakers understand the key differences between nonkinetic conflict in cyberspace and kinetic conflict in the physical world. Among these differences are the tremendous scope that cyberdefense affords; the near impossibility and thus the pointlessness of trying to disarm an adversary’s ability to carry out cyberwar; and the great ambiguity associated with cyberoperations—notably, the broad disjunction between the attacker’s intent, the actual effect, and the target’s perception of what happened. Thus, strategies should concentrate on (1) recognizing that crisis instability in cyberspace arises largely from misperception, (2) promulgating norms that might modulate crisis reactions, (3) knowing when and how to defuse inadvertent crises stemming from incidents, (4) supporting actions with narrative rather than signaling, (5) bolstering defenses to the point at which potential adversaries no longer believe that cyberattacks (penetrating and disrupting or corrupting information systems, as opposed to cyberespionage) can alter the balance of forces, and (6) calibrating the use of offensive cyberoperations with an assessment of their escalation potential." (p.iii)

The book is structured around 5 chapters:
- Chapter 1: Introduction
- Chapter 2: Avoiding crisis by creating norms
- Chapter 3: Narratives, Dialogues and Signals
- Chapter 4: Escalation Management
- Chapter 5: Implications for Strategic Stability

Keywords: cyberspace, state, attack, cyberattack, escalation, systems...



Conference - CyCon2013

Conference CyCon 2013, International Conference on Cyber Conflict, June 4-7, 2013, Tallinn, Estonia, http://ccdcoe.org/cycon/   CyCon 2013 will focus on the technical, strategic and legal implications of using automatic methods to manage cyber conflicts. The conference will be organized along two tracks: a Strategic Track and a Technical Track. Legal aspects will be incorporated in these two tracks

Conference - Cyber Security for Military and the Defense Sector

Conference: "Cyber Security for Military and the Defense Sector", 19-20th June 2013, London, UK, http://www.smi-online.co.uk/defence/uk/cyber-defence

Conference - Digital Cockpit

Conference: "Digital Cockpit", 13-14 May 2013, London, UK, http://www.smi-online.co.uk/defence/uk/digital-cockpits

Conference - ISR

Conference "ISR", 17-18 April 2013, London, UK, http://www.smi-online.co.uk/defence/uk/isr 

Conference - Military Space

Conference - "Military Space", 10-11 April 2013, London, UK, http://www.smi-online.co.uk/defence/uk/milspace

Conference - Order and Chaos

Conference - "Order and Chaos: crisis management and the challenges of the extreme and rare events", 20th March 2013, London, UK, http://www.smi-online.co.uk/defence/uk/masterclass/order-and-chaos-crisis-management-and-the-challenges-of-the-extreme-and-rare-event 

Conference - Social Media for Operations

Conference - "Social Media for Operations", 27th February 2013, Amsterdam, Netherlands, http://www.smi-online.co.uk/defence/europe/workshop/social-media-for-operations

Conference - Social media within the military and the defence sector

Conference: "Social media within the military and the defence sector", 25-26 february 2013, Amsterdam. http://www.smi-online.co.uk/defence/europe/social-media-within-the-military-and-defence-sector-europe