Total Pageviews

Tuesday, May 21, 2013

Article - M.C. Libicki - Managing September 12th in Cyberspace


Before the Committee on Foreign Affairs - Subcommittee on Europe, Eurasia, and Emerging Threats  - United States House of Representatives 

RAND Office of External Affairs. March 21, 2013. 

Tuesday, May 14, 2013

Conférence - Les territoires réels et virtuels de l'insécurité

L'Université de Laval (Canada) organise, dans le cadre de l'Ecole d'été sur les terrorismes, une semaine de conférences sur le thème "Les territoires réels et virtuels de l'insécurité". Mon intervention, le 15 mai 2013, est intitulée "Définir le cyberconflit". La matinée sera poursuivie avec l'intervention de Richard Garon (Université de Laval), qui pose la question "Infoguerre ou guerre de l'information"?
Programme:

News - Stratégie canadienne de cybersécurité

Stratégie canadienne de cybersécurité : un bilan mitigé pour le gouvernement fédéral. Hugo Loiseau. Mai 2013. http://www.usherbrooke.ca/medias/communiques/communiques-details/c/21881/ 

News - La sécurité ne sera jamais garantie...

Voici un article qui ne traite pas de "cyber" mais qui donne à réfléchir quant à la distance qui nous sépare de la perfection en matière de sécurité. De récentes révélations nous informent en effet de l'existence de failles humaines et d'erreurs à répétition commises dans les processus de gestion de l'arsenal nucléaire américain. Les compétences et le niveau de sérieux requis pour ces missions semblent ne pas être totalement présents. L'info elle-même est-elle à prendre au pied de la lettre?  
 

Monday, May 6, 2013

News - USA - DoD - Annual report to Congress -

Department of Defense. Annual report to Congress. Military and Security Developments Involving the People's Republic of China 2013, 83 pages, May 2013. Download the report

Monday, February 25, 2013

An interview with Prof. Alan Chong (RSIS – S. Rajaratnam School of International Studies - Singapore)

by Daniel Ventre (CNRS - CESDIP/GERN; Chair in Cyberdefense and Cybersecurity - Ecoles Militaires de Saint-Cyr Coëtquidan / Sogeti / Thalès)

February 25, 2013

(This article may not be reproduced without the author’s permission)

Alan Chong is Associate Professor at the S. Rajaratnam School of International Studies in Singapore. He has published widely on the notion of soft power and the role of ideas in constructing the international relations of Singapore and Asia. His publications have appeared in The Pacific Review; International Relations of the Asia-Pacific; Asian Survey; East Asia: an International Quarterly; Politics, Religion and Ideology; the Review of International Studies; Alternatives: Global, Local, Political; and the Cambridge Review of International Affairs. He is also the author of Foreign Policy in Global Information Space: Actualizing Soft Power (Palgrave, 2007). He is currently working on several projects exploring the notion of ‘Asian international theory’. More information at: http://www.rsis.edu.sg/grad/faculty-members.htm

Daniel Ventre: Although several definitions of “cyberspace” and “cyberwar” have been proposed (among militaries, governments, researchers…), there is no consensus on the definition of this object/concept. What is your own definition of “cyberspace” and “cyberwar”?  

Alan Chong: Cyberspace refers to that communication space created between two or more connected digital sources. In political terms, it is a space parallel to terrestrial space. Unlike terrestrial space on earth, ‘asymmetries’ in cyberspace are less tangible and do not depend on the possession of natural resources, wide plains and rivers. What matters as strength in cyberspace is the possession and allocation of human talent. Cyberwar would logically refer to military-inspired attempts to disrupt, deny or destroy the electronic resources of the enemy through computer-based means with the aim of attaining military victory.
I would personally prefer the term ‘information operations’ to refer to that whole range of political interventions ranging from the theft of data, deception, disruption, to destruction enabled by electronic computer-based means.  Information operations do not distinguish peacetime from wartime.

DV: According to you, what is the most appropriate approach to analyze/explain/understand cyberconflict (ie. its impact on international relations, the origins of cyberwars, etc.): a constructivist approach, a (neo) realist or neoliberal perspective?

AC: Definitely, a constructivist approach. The operational architecture of cyberspace requires the interaction between the ‘structure’ of electronic pathways and websites connected by multiple nodes, and numerous ‘agents’ in terms of terminals and operators. The design of malware and its corresponding ‘anti-virus’ software require agency-structure co-constitution of anticipated identities and lethalities.
On a conflict scenario level, waging cyberconflict requires the initiator to imagine the enemy’s pre-existing vulnerabilities and planned reactions. The initiator must employ this knowledge in order to retain plausible deniability when challenged in the open media.

DV: How might be described the main conceptual differences between the 1990s’ "information warfare" and today’s "cyberwar"?

AC: The notion of ‘information warfare’ is more accurate, comprehensive, and more flexible than cyberwar, since information warfare includes psychological operations and simple deception strategies. The latter two can also be operated through computerised means. In any case, I would prefer the phrase ‘information operations’ to encompass the widest possible range of strategic operations within, or associated with, computer usage.

DV: Efforts to conceptualize cyberconflict refer to ‘Cold war’ and ‘war on terror’ strategies, policies, concepts (cyber Cold War; cyber deterrence; invisible threat; insider threat; …). What is the most appropriate analogy to analyse cyberconflict: Cold war or War on terror?

AC: The War on Terror is more appropriate as a test case since it involves a whole array of non-state actors who act autonomously from sovereign states. Ideological considerations also factor in the cyber intentions of non-state actors. Using computer terminals, non-state actors can level the global playing field in relation to sovereign states. The Cold War was a largely sovereign state-to-state confrontation.

DV: How is the Singaporean approach of cybersecurity strategies differing from other nations?

AC: As far is it is revealed, the Singaporean cybersecurity approach is based on mostly civilian ‘whole of government/society’ principles. Secondly, the Singaporean approach is also based upon open information sharing at cyber conferences between civilian companies and government agencies. There is also a great deal of information learning between software firms at home and abroad.

DV:  Your research expertise is focused on “soft power” concept. Could you please remind us the definition of this concept and its application in cybersecurity policies/strategies?

AC: Cybersecurity is connected to soft power in the sense that open information sharing on keeping the internet open, stable and dependable for global electronic commerce translates into a form of attracting a ‘noble’, ‘good practices’ community of experts and ordinary computer users into existence. This ‘good practice’ community is transnational and will hopefully transcend nationally-derived political obstacles.



Sunday, February 24, 2013

An interview with Dr. Martin C. Libicki (RAND Corporation) by Daniel Ventre

by Daniel Ventre (CNRS - CESDIP/GERN; Chair in Cyberdefense and Cybersecurity - Ecoles Militaires de Saint-Cyr Coëtquidan / Sogeti / Thalès)

February 20, 2013

(Copyright 2013 Daniel Ventre . This article may not be reproduced without the author’s permission)
 
Daniel Ventre: Although several definitions of “cyberspace” and “cyberwar” have been proposed (among militaries, governments, researchers…), there is no consensus on the definition of this object/concept. What is your own definition of “cyberspace” and “cyberwar”?  

Martin Libicki: Cyberwar should be the use of cyberwarfare (that is, techniques used to usurp the control of computers from their authorized users), in pursuit of politico-military aims (i.e., something that Clausewitz would recognize).  Cyberspace is something that I define like this: it’s the Internet and everything connected to the Internet that is like the Internet. That’s more than a little fuzzy, to be sure.  More to the point, I don’t believe there’s much point to defining cyberspace, in large part because it’s just a conduit to what is more interesting: the systems being hacked.  The emphasis on cyberspace as such is like saying that traffic accidents happen in road-space, or that poison-pen campaigns happen in mail-space.

DV: If we agree that cyberspace is a new domain, what is a « frontier » / « borderline » in it ? Is it really necessary for nation-states to set up virtual frontiers? Is such a project feasible?

ML: The frontier of cyberspace is basically the first router that inbound traffic hits in the country (or the last router that outbound traffic hits); where the wires go is irrelevant.  That formulation does not work if the Internet goes directly from an external source (satellite, RF transmissions) to end-consumers, but that’s a very small share of Internet traffic. States can apply border controls there (it’s feasible, China does it), but the first question in a democratic state is what a state gains by doing so (given that interference with the Internet is unpopular in some quarters and not costless).

DV: According to you, what is the most appropriate approach to analyze/explain/understand cyberconflict (ie. its impact on international relations, the origins of cyberwars, etc.): a constructivist approach, a (neo) realist or neoliberal perspective?

ML: This is probably as good a time as any to note that I was trained in economics, not international relations theory (and so I’m not so qualified to differentiate these terms). But maybe the place to start is with “cyberconflict,” whose meaning I’m unsure of.  We really haven’t seen a true cyberwar.  If cyberconflict means a difference of opinion among states, we have seen tussles about cyberspace in the latest ITU meeting in Dubai.  The West told the ITU: hands off. The other big countries wanted the ITU to support a state’s right to manipulate its citizens’ access to the Internet.  Was the West realist (Western media and the values it projects tend to be more popular with non-Western citizens than the reverse) or idealist (the West believes in its values and wants them propagated)?  Hard to tell.

DV: What are the main conceptual differences between the 1990s’ "information warfare" and today’s "cyberwar"?

ML: Information warfare of the 1990s was a catch-all that included what we now call cyberwarfare but also psychological warfare, command-and-control warfare, and electronic warfare. It also could also include operational security (OPSEC) and military deception (MILDEP).  The overall term evolved to “information operations” circa 1997, but that term is mostly used for psychological warfare and strategic communications today.

DV: Efforts to conceptualize cyberconflict refer to ‘Cold war’ and ‘war on terror’ strategies, policies, concepts (cyber Cold War; cyber deterrence; invisible threat; insider threat; …). What is the most appropriate analogy to analyse cyberconflict: Cold war or War on terror?

ML: Neither, really. The high-tech nature of cyber suggests the Cold War; the lone-wolf potential of cyber suggests the war on terrorism. But neither is a good fit, and, in both cases, for at least one common reason – cyberwar does not really inspire terror (as nuclear weapons do and terrorism aims to).  So far cyberwar has been used for annoyance (Estonia, Georgia), as an aid to military operations (Operation Orchard), and for sabotage (Stuxnet). Note that nuclear weapons have been used for none of them; and terrorism is rarely used for sabotage, as such.  I don’t think we have much choice but to consider cyberwar on its own merits (although some of the questions from the Cold War such as escalation, signalling, confidence-building measures etc. are potentially interesting to place in a cyber context).