Cyber Warfare: A hypothetical integrated approach
By Ben Hussell, May 15, 2019
There is little doubt we live in a digital age. The birth of the internet in the 1980s has revolutionised the way, and the speed, in which we send, receive and process information.
We have, in turn, seen this exploited by both state and non-state actors, on the battlefield and off. Examples range from election meddling accusations in the US to Russia disabling Ukrainian electrical facilities; the war for public opinion over Israel/Palestine, where Hamas and the Israel Defence Force frequently present two diametrically opposing views on the same incident; ISIS propaganda and online recruiting by ISIS and Kurdish factions; the live streaming of executions and, most recently, the Christchurch Mosque shootings in New Zealand; and even the use of social media during a recent NATO exercise to identify units, troop positions, defences and manoeuvres. Never before have we had so much information so readily available, and so many ways to use it.
This represents both a great opportunity and a great challenge to the Australian Defence Force (ADF) and the global community at large. In the following article I will outline how I could see this technology being used in a state-on-state conflict, integrating with existing concepts such as manoeuvre warfare. Similarly, elements of this could easily be used in counterinsurgency (COIN) operations, and probably already are.
Stage 1: Divide and Conquer
Political and Social Engineering, Fake news and Bots
This is not an article on politics or social justice. However, I believe it would be folly to ignore the way in which social media, particularly Facebook and Twitter, influences politics and society.
Since 2015-16 we have seen a vast shift in the way social media is used, from recipes and kitten videos to now being a highly politicised battleground of ethics, morals and truths. In this time we have seen gay marriage legalised in most countries, some countries enact laws around the use of gender neutral pronouns and birth certificates, and the rebirth of socialism, both with Bernie Sanders and now Alexandria Ocasio-Cortez in the USA and the increased presence of the Greens Party in Australia. It is not the purpose of this text to pass judgement on these events but to instead point out the rapidity of change, and the seemingly decisive role social media has played in these events.
The social media phenomenon has resulted in the US Federal Bureau of Investigation having a “memes” department. Controlling the conversation on social media has effectively become the new way of controlling information.
In a secondary but related way, the slow death of conventional mass media has also contributed to this situation. With the massive failure of the US media to anticipate the Trump 2016 win, as well as other events, we see a shift toward alternate news media. This has opened up a broad range of voices who now hold the power of information dissemination. This has led to incidents such as the Covington school boys, who are now suing multiple news outlets for defamation.
One merely has to go to a comment section on almost any issue to see the increasingly black and white, polarised and politicised nature of social media. The key question becomes: who controls and disseminates the information? In this area we find both danger and opportunity. From Venezuela, to Russian interference in the US election, to the Huawei controversy, we see there are many conflicting views.
If apparently unguided and unorchestrated campaigning by fringe actors can engineer such a grand sweeping change of public opinion, imagine what a carefully targeted, orchestrated campaign could achieve.
In the integration of Cyber Warfare, I see the ability to cause social and political unrest from afar, spread partial or completely fabricated facts, and distort information to a narrative that can potentially politically and socially change a country, as the first frontier. This may take place over some years, and importantly may never escalate from this point to conflict.
From here, it is possible for fifth column assets to be found and fostered. This can be done through a semi-false narrative, or a partially true one. Historically, this has usually been done by offering some kind of power or benefit: from Alexander the Great bribing cities to open their gates, through to the recruitment of militia by North Vietnam in South Vietnam, to Che Guevara and then to the Russian-speaking elements of Crimea.
As well as forming a potential new power base, fifth columnists also represent a way for events inside the country to be influenced and monitored. The birth of social media has seen this become easier to do than ever before. These assets can either be used to influence the political process in peace or cause disruption and set up alternate power bases in war. Even if all these entities do is spread a narrative that is disadvantageous to us, then an adversary will deem it to have been worthwhile. Word of mouth from people we know tends to carry more weight than random facts alone.
Stage 2: Softening up
Prelude to conflict
The next point of escalation from the previous steps is a “softening up” phase of cyber defences. Like the massed artillery of WW1, or the massed power of aircraft and Tomahawk missiles, this phase aims to disrupt, strain and infiltrate the enemy’s cyber defences prior to kinetic confrontation.
The length of this phase and its escalation will be determined by longer term goals. There is the dichotomy to be balanced between probing for weakness and losing the element of surprise. Sustained escalation of cyber activity may forewarn the enemy that an attack is possible. Even if it does not reveal details it may alert the foe to the possibility of assault.
This phase will begin with extensive hacking, targeting government, military, police and media figures. This will serve several purposes. Foremost, it will be a means of discovering sensitive information that can be used as leverage, or that can be judiciously and anonymously “leaked”, discrediting and undermining the credibility of officials. Secondly, it will be a way of obtaining general intelligence, including assessing interpersonal relations between these key figures at a local, regional and national level.
Next comes the use of massed automated hacking and spyware aimed at banking and infrastructure. During the Ukrainian Crimea conflict, the Russians were able to shut down power plants via hacking. With electrical grid issues, banking and commerce issues, and increasing doubt about their leaders, the enemy's civilians will be in an increasingly agitated state. Misinformation laying the issue at the hands of the government will add to this.
Using automated hacking will allow a nation to attack the enemy’s cyber infrastructure along a broad front and tie up their human resources in trying to deal with 24/7 assaults. As cracks appear, human hackers with higher skill levels will be used to exploit these breaches.
The aim with these attacks is not only to damage infrastructure and tie up resources, but also to cause as much confusion, chaos and disruption as possible. Our “fake news” fifth columnists and cadres of leveraged assets will place these failures squarely on the opposing government's shoulders.
Finally, it is likely that this time will also be used to target military personnel with fake profiles on social media. This was used with great success during a recent NATO exercise where the opposing forces used Instagram, Facebook and Snapchat to follow and engage with blue forces soldiers, and were able to use these platforms to lure soldiers off guard duty, to reveal information about which unit they were in, their location, and even send photos of defensive preparations!
As discussed recently by Brigadier Ian Langford DSC and Bars, the use of artificial intelligence (AI) and third party cloud server data will also be utilised. This can be done in numerous ways, from tracking movement to hacking global positioning system (GPS) devices, and allows more accurate target acquisition of key personnel. This can go down to the detail of assessing their daily routines through surveillance imagery from places they frequent, to identifying them by their gait on the battlefield.
Stage 3: Point of Impact
Kinetic and Cyber combine
The final escalation comes when the decision has been made to commit to a kinetic engagement. At this stage cyber will focus on the enemy's armed forces.
By this stage, the bulk of the enemy’s cyber resources should be taken up with defending against the attacks made during stage 2. Ideally stage 2 will still be in full swing when this stage begins.
Timing is the essential component now. Either the cyber preparation has to be so long that the enemy is lulled into believing no assault is imminent, or it has to be sudden, violent and total, so as to keep an element of surprise when the ground assault begins.
Massed automated hacks swarm the enemy's communications systems. Enemy personnel information gathered in the previous phase is now used to pinpoint units, defences and individuals. Viruses and hacks are used to shut down communication devices, email and social media. Special Operations Forces (SOF) target enemy communications while long range fire and air strikes hit key enemy personnel and positions.
Human hackers target enemy unmanned aerial vehicle (UAV) and drone assets, either covertly hacking their streams to provide additional intelligence (what I will term a "soft hack") and feeding false information, or through a "hard hack" using the vehicle as a kamikaze unit to cause maximum disruption and destruction on enemy positions and overwhelm their anti-air defences.
A short time before our ground forces begin their attack, the fifth column assets, aided by specialist personnel, will begin an insurgency movement; an uprising all over the opposing nation, diverting key time, resources and attention away from the front.
The enemy is now in a serious predicament. Their communications have been compromised and their ability to gather information similarly disrupted. With a series of uprisings and protests taking up security forces and diverting assets, the ground assault can begin.
In the current era, it would be fairly simple to have this ground assault done under the guise of helping the rebels, particularly if they were in non-democratic countries.
Stage 4: Follow Up
Securing the peace
We have learnt in the past 18 years that the "end of major combat operations" does not equate to the end of war-fighting.
A clear lesson from both Iraq and Afghanistan is the need for a clear transition of power into the hands of capable local actors. This is where the creation of fifth column assets, or assisting a popular opposition leader who has been prevented from being elected by corrupt processes, is essential. A successful example would be the East Timor mission where Australia was able to assist in the transition to a democratically elected government.
In the case of Iraq, this was made significantly more complex by the intricate tribal, ethnic and religious groupings in that country, which were being further inflamed by foreign entities such as Al Qaeda. This made the process of putting in an effective, non-partisan local governance body more complicated than expected.
In the "winning of hearts and minds", the ability to provide security, sewerage, water, electricity, employment and trade are all key factors. However, Stage 1 cyber again becomes an important element. When insurgents control the information and the narrative, COIN operations will inevitably be lengthier and more difficult.
Another factor is that, depending on the country, democratic processes may be a new concept. This means that they require a shift in culture and thinking. Again, Stage 1 cyber operations offer the ability to begin this process years before ground forces arrive, and to continue it after their departure.
Care should also be taken at this point to assess what remaining cyber capabilities the enemy has left. In the same way that having enemy in the rear of your position is dangerous, so it would be unwise to leave significant cyber elements operational. Imagine the capacity for disruption these people could add to an insurgency.
Caveats and other notes
There are several possible issues/criticisms that I feel could be levelled at the above, which I will attempt to address here.
I have outlined a very general approach and not delved into specifics, as I am not a cyber specialist.
Similarly I have endeavoured to research applicable points and examples. However, as a civilian I acknowledge there may be significant gaps in my knowledge as to current practice and capabilities.
Ethics and International Law
As a western democracy, we are subject to, and obliged to operate within, the parameters of international law. This may render some elements of this article invalid. Cyber warfare is still considered a grey area, particularly when state actors hire private entities to conduct these activities.
Even if such ideas go against our personal or societal ethics, it would be unwise to ignore how these same ideas could be used by non-state, or less scrupulous actors, to influence affairs. At the least by considering them, we can begin to think how they might be defended against.
This brief article has been aimed at introducing one hypothetical approach to how cyber war-fighting could be implemented on a broad scale, with systematic abilities to escalate varying intensities depending on the broader national strategic goals. It also offers a perspective about how cyber capabilities could be used against us by both state and non-state actors.
Aside from the immediate and direct war-fighting applications of cyber operations during and directly preceding a kinetic conflict, there are broader, more subtle ways cyber operations can be integrated into national security operations.
Sun Tzu once wrote:
“Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win”
The ability of cyber operations to control the flow of information, and to work both kinetically and in the psychological realm, was demonstrated in the Russian annexation of Crimea. Cyber operations allowed them to cultivate fifth column assets, disrupt Ukrainian infrastructure and communications, and to control the flow of information and narrative coming out of the area. While cyber was not the deciding factor, and was assisted by the large Russian-speaking population (who formed the fifth column assets), it undoubtedly played an important role.
I am sure the dialogue around cyber will continue as the 21st century progresses. With an increasingly digitally literate and integrated operating environment in the Indo-Pacific region, and with this region containing two of the largest countries and technological entities in the world (China and India), this domain will continue to be of crucial importance in our region and to our national interests.
The rise of non-state actors who use the cyber world to recruit, co-ordinate and affect public opinion also ensures that it will remain an area that requires our attention long term. To ignore the power of the cyber sphere to spread ideas unchecked across international borders, time zones and cultures is to invite weaknesses in our defence capabilities.
Finally, as a medium power nation with limited personnel capability relative to our region, the ability to influence affairs through information and narrative, as well as kinetic power, adds another tool to our national security toolbox.
“Accelerated Warfare” Presentation by Brigadier Ian Langford DSC and Bars, Australian Army https://www.army.gov.au/accelerated-warfare-0
Daniels J, “Russian rogue cells sites drones target nato troop smartphones” (2017) cnbc.com
Delgado A, “Third World War: Che Guevera’s Tricontinental Strategy” published in “Modern War” (Jan-Feb edition 2019) Strategy and Tactics Press
Lapowsky I, “Nato stratcom catfished soldiers social media” (Feb 2019) Wired.com
Miranda J, “The Geopolitics of Cyber Warfare” published in “Modern war” (Mar/Apr edition 2019) Strategy and Tactics Press
Orr B, “Iran does have our drone” (2011) cbsnews.com https://www.cbsnews.com/news/us-official-iran-does-have-our-drone/
Ranger S, “Cyberwarfare- a guide to the frightening future of online conflict” (Dec 2018) ZDNet https://www.zdnet.com/article/cyberwar-a-guide-to-the-frighteningfuture-of-online-conflict/
Robin P, Baezner M, “Cyber and information warfare in the Ukrainian conflict” (Jan 2018) Researchgate.net
Various, “War on the rocks” podcast - episodes listed below:
- “Ready to compete? America’s technological and military edge”
- “Training the military for the next war”
- “A conversation with Clint Watts on Influence and information”
- “Horns of a dilemma: Even cyber security is bigger in Texas”
- “The promise and peril of cyber operations”
- “Fear not the blue haired soldier”
- “Emails and influence: Investigating Russia’s attacks on the U.S”
- “The big cyber spectacular”
West B, The Strongest Tribe: War, Politics, and the Endgame in Iraq (2008), Random House, New York