Welcome!

Wearables Authors: Yeshim Deniz, Pat Romanski, Zakia Bouachraoui, Elizabeth White, Liz McMillan

Blog Feed Post

How Cyberpunk Revived Cybersecurity

This post was cowritten by Adam Elkus and Alex Olesker

Our last post looked at the downside of how cyberpunk and digital dualism helped contribute to a distorted understanding of cyberspace and bad policy. Yes, it might seem a bit ridiculous at first glance: would we blame Jules Verne for faults with naval submarine warfare doctrine and operations? But the idea of a separation between cyberspace and “real” life, originating with science fiction, has been an overall malignant influence on cyber policy. Yet we aren’t going to completely throw our cyberpunk toys away. There are a variety of ways in which cyberpunk foresaw the future of cyber operations.

First, we should explain a bit about what cyberspace is. Just like terrorism, something as vast as cyberspace will perhaps never be conclusively defined. In the simplest terms, technologist and CTO Bob Gourley defines cyberspace as our interconnected information technology. Dan Kuehl of NDU offers a more in depth definitions in his chapter in Cyberpower and National Security : “a global domain within the information environment whose distinctive and unique character is framed by the use of electronics and the electromagnetic spectrum to create, store, exchange, and exploit information via inderdepedent and interconnected networks using information-communication technologies.” As Kuehl argues, interdependent and interconnected information networks and systems are composed of three interrelated dimensions: physical platforms, systems, and infrastructures that provide connectivity, massive amounts of informational content, and human cognition that results from greatly increased access to content and increased decision power. Cyberspace as it exists today is a designed environment built for the use of information, interaction, and communication, but to call it a “man-made” environment is to misunderstand it entirely. Kuehl and Sam Liles both note that cyberspace’s physical characteristics come from forces and phenomena that exist and occur in the natural world. The fact that humans need manmade devices and technologies to exploit cyberspace is little different from other “man-made” environments like….the sea, air, and space.

Because technologies and systems operate through and on cyberspace, this makes two national security related exploitations of cyberspace possible: information-based warfare and information warfare. Commonly conflated, they are in fact very different. Network-centric warfare, for example, utilizes cyberspace to create greater speed, decision power, and decisiveness. The current American system of precision-targeting, unmanned aerial vehicles, networked platforms, and command and control relies on cyberspace, just as late 19th century warfare exploited embryonic cyberspace in the form of telegraphic networks. Information warfare, in contrast, is an umbrella term for the use of information to destroy information in the form of electronic warfare (EW) and computer network operations (CNO). As Kuehl notes, cyberspace exists as a blending of electronics and electromagnetic energy, and the first major exploitation of cyberspace occured with the transmission of information in the form of dots and dashes over a wire. The “Victorian Internet” morphed into something greater with the invention of wireless, the telephone, radio–and decades later–the electronic computer. Kuehl argues that cyberspace is unique because it employs the electromagnetic spectrum as a means of movement, and any definition of cyberspace must begin not with the activities that take place within the domain but rather on the physical characteristics that set it apart from others.

We increasingly interact with cyberspace through augmented reality. As Liles observes, this was one major aspect of cyberspace that William Gibson’s work in fact did accurately predict:

For quite some time the reality of cyber has been over laid upon the physical reality. … Numerous iPhone applications exist to allow the person to interact with the cyberspace around them. From tours, to GPS navigation with advertisements included the two spaces are shore and sea interacting at that beach. Augmented reality is why unmanned aerial vehicles can work. Augmented reality is the heads up display in a fighter jet giving friend and foe recognition for targeting devices. Information through a variety of  interfaces is placed into the physical reality. As seamless we already see the physical reality being modeled and data places into the cyberspace why shouldn’t the opposite be true? What hasn’t existed until the smart phone and now special glasses is a mechanism for accessing the information realm. Though with geo cacheing and a variety of games that is changing.

Augmented reality, as Liles notes, allows users to overlay information in graphical form, increasing the sensory abilities of the user. With AR, soldiers can make friend or foe identification with the aid of big data, salesmen at corporate mixers can make more carefully targeted networking, and police officers could rapidly access arrest records on everyone they encounter in a neighborhood. My own personal use of AR has changed my life just with GPS on my iPhone, allowing me to track down elusive hole-in-the wall sushi joints in San Francisco.

The use of augmented reality leads us into three useful points about cyberspace and national security. First, just because an action is targeted against someone’s cyberspace does not mean the competition should be viewed symmetrically. Talk of Iran retaliating for Stuxnet in cyberspace misses the point: Iran, a sponsor and frequent source of terrorism, has abundant and more efficient means of killing people it doesn’t like besides code. The ability of the United States to dominate the escalation ladder also complicates Iran’s ability to use force against the United States in cyberspace for political objectives, and there would be little point for Iran to employ force against the US unless it somehow desired a shift in the US’ political behavior. Might Iran do so through cyber-proxies? Perhaps, but due to the importance of force as communication, proxies would have to somehow be able to communicate Iran’s desire for a shift in US policy towards Iran without the US deciding to utilize its abundant conventional advantages to retaliate against Iran. What happens in Vegas may stay in Vegas, but what happens in cyberspace is not guaranteed to stay in cyberspace. This doesn’t mean Iran will not retaliate in a significant manner, but it would have to do so in a way that would either constrain the US from retaliating or minimize the possible damage from such retaliation.

Second, the importance of information power is to augment existing capabilities. As Martin Libicki argues, operational cyberwarfare can heavily augment the effect of conventional operations and weapons. EW platforms in previous conflicts fried electronics and jammed communications, depriving military forces of the ability to communicate. Similarly, computer network operations will deny, disrupt, corrupt, and confuse important adversary capabilities. The DARPA program Plan X’s emphasis on hardened cyber systems for the projection of weapons and a “map” of systems and networks for targeting reveals just how existing cyberweapons will be more useful as an operational weapon rather than necessarily a strategic weapon for destroying civilian targets. This should not surprise us–as Sean Lawson points out, infrastructure attacks against the civilian population during a time of total warfare did not bring Germany to heel and the history of disaster research should give us optimism about surviving “cyber-doom.”

This is not to deny that cyber operations will make future operations look very different on the tactical level. And this is where cyberpunk actually has been very influential. In the cyberpunk anime franchise Ghost in the Shell, the action focuses on a combined spec ops and cyber warfare unit called Section 9. Section 9′s operatives are principally selected for their ability to carry out traditional domestic intelligence and direct action skills such as criminal investigation and special operations. However, Section 9 extensively uses cyberspace to both enhance and carry out their operations. Because of the manner in which information networks have colonized every aspect of life (including basic biology) in Ghost in the Shell‘s not-so-distant universe, cyber exploitation and attack is necessary for basic police investigation and national security operations against enemies of the state. Hacking and control of weapons and even cyborg body parts is common, as is the commandeering of surveillance cameras and facility systems for tactical operations.

Sound far-fetched? The special operations site SOFREP ran an interesting feature by Uri Fridman that would suggest otherwise. Special operations direct action will leverage cyber exploitation and attack on enemy systems in a way already pioneered by Red Teamers combining physical penetration with hacking to test sensitive facilities:

In past operations where my team was involved, we supported those units in two different phases.

  1. We provided the initial digital recon of the target, including inside information about sentry schedule, different access routes (those that were locked during the night hours and those open but monitored), number of personnel inside the facility during the different times of the day, hardware and software information, provided a complete site casing including detailed sketches based on the design blueprints extracted from a computer, and a week’s worth of daily activity logs hour per hour.
  2. We also acted as a direct action support team, providing real time information about what the target was doing inside the premises, location of sensitive computers, disabling alarms and other security features in real time, etc.

All that information was carefully analyzed and compared with the intel gathered by the unit’s own intel guys and was found either at the same level or, in most cases, more accurate.

Despite our criticism of “cyber war”, computer network operations, and more broadly information-based operations, are already an important facet of conflict. And as tactics grow even more dependent on information systems, the ability to attack, degrade, disrupt, influence, and gain unauthorized access to information systems will have an even greater tactical impact. What’s important to note is that this impact will not be independent, as cyberspace does not exist independently. Ghost in the Shell provides a more likely prediction of cyber’s increased role in conflict, with information stolen from adversary networks a key part of tactical as well as strategic planning and hackers supporting operations like artillery, ready to disrupt the enemy in the heat of an engagement.

In short, while the world obsesses over “cyber-doom” scenarios for strategic cyberwar, cyber capabilities are trickling down to the tactical and operational levels where they will most likely be actually be employed. Maybe you won’t see Advanced Persistent Threats shutting down nuclear power plants, but what if they launch an assault on military logistics to slow American response to an invasion? Maybe Anonymous won’t kill the Internet, but are American forces prepared to operate in information-degraded environments on the battlefield after the enemy fuses EW and CNO on the tactical level? These are realistic problems rooted in existing and emerging capabilities. Cyber warfare is coming, but it may look as different from the popular perception as bombing in World War II did from H.G. Wells’ dreams of aerial warfare.

This post by was first published at CTOvision.com.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

IoT & Smart Cities Stories
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...