No Shortcuts by Smeets Max;

Author:Smeets, Max;
Language: eng
Format: epub
Publisher: Hurst Publishers
Published: 2022-05-18T00:00:00+00:00

CONCLUSION

Most scholarship on the dynamics of cyber conflict seeks to explain what states can and cannot do with cyber operations. Yet implicit in this debate is the assumption that states can participate in cyber conflict, that they have crossed the barriers to entry. This book challenged this assumption and explained that, for many states, the barriers of entry are much higher than often perceived to be. The argument developed in this book has multiple components.

First, I noted that cyberspace is not a level playing field. What I meant by this is that states do not follow the same playbook and rulebook. Or more formally, state actors face different strategic, organizational, and legal/normative constraints when it comes to conducting cyber operations. A constrained actor tends to embed cyber operations within a well-defined legal and ethical framework (that, for example, requires minimizing collateral damage) and is aware of the impact organizational trade-offs (such as the potential intelligence losses following an effect operation) and is behaving strategically—ultimately connecting these cyber means to a political end.

Second, these constraints have a major influence on the operational requirements to conduct cyber effect operations. Constrained actors generally need to conduct targeted operations, with long intelligence collection lead-up times, much deliberation to ensure organizational alignment, deploying well-tested exploits and tools, with payloads triggered at a specific point in time. Meeting all these requirements is often challenging—especially when there are time pressures to execute.

Third, I add the dimension of available resources to introduce a new typology distinguishing between four types of actors. A ‘Type I actor’ refers to an actor that is loosely constrained in conducting cyber effect operations, with a high degree of financial and organizational resources. A ‘Type II actor’ refers to a loosely constrained actor, with few financial and organizational resources. A ‘Type III actor’ is highly constrained in terms of executing cyber effect operations, but also highly resourceful. A ‘Type IV actor’ is highly constrained when it comes to conducting cyber effect operations and has limited financial and organizational resources. I argue that most of the states that have launched a cyber command are Type IV actors.

Fourth, offensive cyber capability development by constrained actors—including Type IV actors—is often misunderstood. Some reporting makes us believe that cyber commands are like factories ‘producing’ or ‘building up’ ‘cyber weapons’. I developed the PETIO framework to provide a better understanding of what it means to develop an offensive cyber capability under constraints. The framework—distinguishing between five dimensions: People, Exploits, Tools, Infrastructure, and Organization—shows that military cyber organizations are more like ‘service providers’ tasked with a set of activities. When we seek to analyse how organizations are building up ‘offensive cyber capabilities’, what we are really talking about is how they have trained up developers, operators, or system administrators, and allowed lawyers to familiarize themselves with the field. Cyber capability development is also about how processes are put in place to effectively conduct cyber operations with the aim to degrade certain networks, without compromising intelligence sources or causing other negative consequences.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.