Wearables Authors: Zakia Bouachraoui, Elizabeth White, Yeshim Deniz, Liz McMillan, Pat Romanski

Blog Feed Post

How Cyberpunk Revived Cybersecurity

This post was cowritten by Adam Elkus and Alex Olesker

Our last post looked at the downside of how cyberpunk and digital dualism helped contribute to a distorted understanding of cyberspace and bad policy. Yes, it might seem a bit ridiculous at first glance: would we blame Jules Verne for faults with naval submarine warfare doctrine and operations? But the idea of a separation between cyberspace and “real” life, originating with science fiction, has been an overall malignant influence on cyber policy. Yet we aren’t going to completely throw our cyberpunk toys away. There are a variety of ways in which cyberpunk foresaw the future of cyber operations.

First, we should explain a bit about what cyberspace is. Just like terrorism, something as vast as cyberspace will perhaps never be conclusively defined. In the simplest terms, technologist and CTO Bob Gourley defines cyberspace as our interconnected information technology. Dan Kuehl of NDU offers a more in depth definitions in his chapter in Cyberpower and National Security : “a global domain within the information environment whose distinctive and unique character is framed by the use of electronics and the electromagnetic spectrum to create, store, exchange, and exploit information via inderdepedent and interconnected networks using information-communication technologies.” As Kuehl argues, interdependent and interconnected information networks and systems are composed of three interrelated dimensions: physical platforms, systems, and infrastructures that provide connectivity, massive amounts of informational content, and human cognition that results from greatly increased access to content and increased decision power. Cyberspace as it exists today is a designed environment built for the use of information, interaction, and communication, but to call it a “man-made” environment is to misunderstand it entirely. Kuehl and Sam Liles both note that cyberspace’s physical characteristics come from forces and phenomena that exist and occur in the natural world. The fact that humans need manmade devices and technologies to exploit cyberspace is little different from other “man-made” environments like….the sea, air, and space.

Because technologies and systems operate through and on cyberspace, this makes two national security related exploitations of cyberspace possible: information-based warfare and information warfare. Commonly conflated, they are in fact very different. Network-centric warfare, for example, utilizes cyberspace to create greater speed, decision power, and decisiveness. The current American system of precision-targeting, unmanned aerial vehicles, networked platforms, and command and control relies on cyberspace, just as late 19th century warfare exploited embryonic cyberspace in the form of telegraphic networks. Information warfare, in contrast, is an umbrella term for the use of information to destroy information in the form of electronic warfare (EW) and computer network operations (CNO). As Kuehl notes, cyberspace exists as a blending of electronics and electromagnetic energy, and the first major exploitation of cyberspace occured with the transmission of information in the form of dots and dashes over a wire. The “Victorian Internet” morphed into something greater with the invention of wireless, the telephone, radio–and decades later–the electronic computer. Kuehl argues that cyberspace is unique because it employs the electromagnetic spectrum as a means of movement, and any definition of cyberspace must begin not with the activities that take place within the domain but rather on the physical characteristics that set it apart from others.

We increasingly interact with cyberspace through augmented reality. As Liles observes, this was one major aspect of cyberspace that William Gibson’s work in fact did accurately predict:

For quite some time the reality of cyber has been over laid upon the physical reality. … Numerous iPhone applications exist to allow the person to interact with the cyberspace around them. From tours, to GPS navigation with advertisements included the two spaces are shore and sea interacting at that beach. Augmented reality is why unmanned aerial vehicles can work. Augmented reality is the heads up display in a fighter jet giving friend and foe recognition for targeting devices. Information through a variety of  interfaces is placed into the physical reality. As seamless we already see the physical reality being modeled and data places into the cyberspace why shouldn’t the opposite be true? What hasn’t existed until the smart phone and now special glasses is a mechanism for accessing the information realm. Though with geo cacheing and a variety of games that is changing.

Augmented reality, as Liles notes, allows users to overlay information in graphical form, increasing the sensory abilities of the user. With AR, soldiers can make friend or foe identification with the aid of big data, salesmen at corporate mixers can make more carefully targeted networking, and police officers could rapidly access arrest records on everyone they encounter in a neighborhood. My own personal use of AR has changed my life just with GPS on my iPhone, allowing me to track down elusive hole-in-the wall sushi joints in San Francisco.

The use of augmented reality leads us into three useful points about cyberspace and national security. First, just because an action is targeted against someone’s cyberspace does not mean the competition should be viewed symmetrically. Talk of Iran retaliating for Stuxnet in cyberspace misses the point: Iran, a sponsor and frequent source of terrorism, has abundant and more efficient means of killing people it doesn’t like besides code. The ability of the United States to dominate the escalation ladder also complicates Iran’s ability to use force against the United States in cyberspace for political objectives, and there would be little point for Iran to employ force against the US unless it somehow desired a shift in the US’ political behavior. Might Iran do so through cyber-proxies? Perhaps, but due to the importance of force as communication, proxies would have to somehow be able to communicate Iran’s desire for a shift in US policy towards Iran without the US deciding to utilize its abundant conventional advantages to retaliate against Iran. What happens in Vegas may stay in Vegas, but what happens in cyberspace is not guaranteed to stay in cyberspace. This doesn’t mean Iran will not retaliate in a significant manner, but it would have to do so in a way that would either constrain the US from retaliating or minimize the possible damage from such retaliation.

Second, the importance of information power is to augment existing capabilities. As Martin Libicki argues, operational cyberwarfare can heavily augment the effect of conventional operations and weapons. EW platforms in previous conflicts fried electronics and jammed communications, depriving military forces of the ability to communicate. Similarly, computer network operations will deny, disrupt, corrupt, and confuse important adversary capabilities. The DARPA program Plan X’s emphasis on hardened cyber systems for the projection of weapons and a “map” of systems and networks for targeting reveals just how existing cyberweapons will be more useful as an operational weapon rather than necessarily a strategic weapon for destroying civilian targets. This should not surprise us–as Sean Lawson points out, infrastructure attacks against the civilian population during a time of total warfare did not bring Germany to heel and the history of disaster research should give us optimism about surviving “cyber-doom.”

This is not to deny that cyber operations will make future operations look very different on the tactical level. And this is where cyberpunk actually has been very influential. In the cyberpunk anime franchise Ghost in the Shell, the action focuses on a combined spec ops and cyber warfare unit called Section 9. Section 9′s operatives are principally selected for their ability to carry out traditional domestic intelligence and direct action skills such as criminal investigation and special operations. However, Section 9 extensively uses cyberspace to both enhance and carry out their operations. Because of the manner in which information networks have colonized every aspect of life (including basic biology) in Ghost in the Shell‘s not-so-distant universe, cyber exploitation and attack is necessary for basic police investigation and national security operations against enemies of the state. Hacking and control of weapons and even cyborg body parts is common, as is the commandeering of surveillance cameras and facility systems for tactical operations.

Sound far-fetched? The special operations site SOFREP ran an interesting feature by Uri Fridman that would suggest otherwise. Special operations direct action will leverage cyber exploitation and attack on enemy systems in a way already pioneered by Red Teamers combining physical penetration with hacking to test sensitive facilities:

In past operations where my team was involved, we supported those units in two different phases.

  1. We provided the initial digital recon of the target, including inside information about sentry schedule, different access routes (those that were locked during the night hours and those open but monitored), number of personnel inside the facility during the different times of the day, hardware and software information, provided a complete site casing including detailed sketches based on the design blueprints extracted from a computer, and a week’s worth of daily activity logs hour per hour.
  2. We also acted as a direct action support team, providing real time information about what the target was doing inside the premises, location of sensitive computers, disabling alarms and other security features in real time, etc.

All that information was carefully analyzed and compared with the intel gathered by the unit’s own intel guys and was found either at the same level or, in most cases, more accurate.

Despite our criticism of “cyber war”, computer network operations, and more broadly information-based operations, are already an important facet of conflict. And as tactics grow even more dependent on information systems, the ability to attack, degrade, disrupt, influence, and gain unauthorized access to information systems will have an even greater tactical impact. What’s important to note is that this impact will not be independent, as cyberspace does not exist independently. Ghost in the Shell provides a more likely prediction of cyber’s increased role in conflict, with information stolen from adversary networks a key part of tactical as well as strategic planning and hackers supporting operations like artillery, ready to disrupt the enemy in the heat of an engagement.

In short, while the world obsesses over “cyber-doom” scenarios for strategic cyberwar, cyber capabilities are trickling down to the tactical and operational levels where they will most likely be actually be employed. Maybe you won’t see Advanced Persistent Threats shutting down nuclear power plants, but what if they launch an assault on military logistics to slow American response to an invasion? Maybe Anonymous won’t kill the Internet, but are American forces prepared to operate in information-degraded environments on the battlefield after the enemy fuses EW and CNO on the tactical level? These are realistic problems rooted in existing and emerging capabilities. Cyber warfare is coming, but it may look as different from the popular perception as bombing in World War II did from H.G. Wells’ dreams of aerial warfare.

This post by was first published at CTOvision.com.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

IoT & Smart Cities Stories
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Early Bird Registration Discount Expires on August 31, 2018 Conference Registration Link ▸ HERE. Pick from all 200 sessions in all 10 tracks, plus 22 Keynotes & General Sessions! Lunch is served two days. EXPIRES AUGUST 31, 2018. Ticket prices: ($1,295-Aug 31) ($1,495-Oct 31) ($1,995-Nov 12) ($2,500-Walk-in)
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.