Saturday, April 2, 2011

What a cyber war with China might look like

Thursday's Computerworld carried the story What a cyber war with China might look like. Specifically, the story linked to a paper written by Christopher Bronk for the U.S. Air Force's Strategic Studies Quarterly. They actually invite readers' comments be sent to them. Since my general mode of interaction with people is to leave them better than I found them, I offer some humble observations (which I will forward to the above-linked email address). I use the world "humble" because I am, after all, a novelist playing with fictional constructs. Mr. Bronk deserves acknowledgement of his serious work.

  1. In the last paragraph of page 4, a statement is begun, "While the goal is not to get bogged down on the particulars of why such a conflict would come to pass…" Wow, talk about ignoring the real global reality! The myriad possible scenarios yield as many ways such a cyber war would manifest itself. In fact, a reasonable topology of the "whys" motivating a cyber war would then yield a corresponding set of response scenarios that could not only nip cyber war in the bud but which could generate the cyber equivalent of M.A.D. (Mutually Assured Destruction) publicly stated doctrines. Like, for example, my Morgan Doctrine. The absence of such publicly stated doctrines indeed invites and makes cyber war inevitable. The novel I've just finished deals with several specific, independent, but mutually interacting scenarious in what I hope is a compelling and entertaining manner. The market will have to be the judge of that.
  2. In the first full paragraph on page 6: "But in the days running up to the war, that activity spiked enormously." In my mind, this is unlikely that China would telegraph the first moves of an all-out cyber war. That would be downright stupid. Just like Pearl Harbor, the Japanese goal was to take out the biggest part of our Pacific fleet in a surprise attack. Again on page 9: "The cyber attack had a rolling start, rather than being a bolt from the blue." Pure balderdash.
  3. Interestingly, two paragraphs later the characterization of a "…small piece of data, only 256 bytes long…" accurately describes the behavior of one of many probes possible from The Perfect Virus. Unfortunately, Mr. Bronk's paper doesn't even scratch the surface of other exploits. Perhaps it's because he didn't want to give our cyber enemies any new ideas. Unfortunately because of this constraint, this picture of cyber war is rather one dimensional.
  4. Page 8's scenario of a Chinese defector waltzing "…into the Australian consulate in Tokyo…" is entertaining, since I believe Australia will play a major role in world cyber security. Only they don't know it yet. 
  5. On page 10: "…Guam was the sole location of an electromagnetic strike by the Chinese…" In a full-blown cyber war, EMP weapons make excellent sense in multiple locations. Especially in hardened locations tuned for retaliation and defense actions at the outbreak of cyber war.
  6. Mr. Bronk's depiction of our reaction to the ways in which the Chinese wage this war is again one dimensional, probably because he doesn't have the advantage of considering the topology presented by my 22 principles of The Perfect Virus. I'm torn about expanding on this, but I'll leave that exercise to the eventual publication of my novel.
  7. On page 16 Mr. Bronk makes a compelling case for cyber privateers. He says the FBI will lead the charge "[e]nlisting the hacker community…" in the effort. I believe this is wrong minded, using coercion to recruit versus using monetization of the process to licensed and bonded entities. I hope this blog and my arguments will correct a fearful misdirection of effort. 
  8. On the next page, again Mr. Bronk builds a case for a new paradigm, since "decisions by conference" is a doomed idea. Unfortunately,  the closest convergence to my cyber privateering idea comes on page 18: "Civil defense in the cyber domain must be considered a necessity." 
  9. Finally, Mr. Bronk's paper does nothing whatsoever to deal with the specifics of our response to and strategies with which we will turn the tide and win the cyber war. In fact, it seems to assume that we will simply defend against the attacks until the enemy wears down without our mounting a withering retaliation. How can you seriously suggest that this paper is a picture of our cyber war with China? I realize you don't want to telegraph our own playbook, but this paper is definitely not a picture of any kind of cyber war. 
To the U.S. Airforce cyber defense brain trust, I beg you to distribute your brain power MIPS now and not wait until you're in the midst of a full-blown cyber war. Let's face it: Cyber war will be pretty well automated and occur in minutes and not days or weeks. The response must also be systematized and does not lend itself to a committee of men with lots of stars on their shoulders, especially if those military leaders must wait for step-by-step authorization from political leaders. And finally, we need stated doctrines that unambiguously detail our automated response to the nanosecond-by-nanosecond realities of cyber war (my point number 1 above). Not to do this pretty well guarantees a cyber Armageddon from which we will not be able to quickly rebuild.

No comments:

Post a Comment

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?