Models of Escalation and De-escalation in Cyber Conflict
John C. Mallery, Computer Science & Artificial Intelligence Laboratory
Massachusetts Institute of Technology
Presentation at the 2011 Workshop on Cyber Security and Global Affairs, Budapest, Hungary, May 31 – June 2, 2011.
Version: 04/10/2023 02:32 PM
John C. Mallery MIT CSAIL2
Escalation And De-escalation Models For State-state Cyber Conflict & Cooperation
- A step towards a US-Russia-China workshop on escalatory models of cyber conflict
  - Intended to develop shared perspectives and analytical frameworks across countries
  - Appendices include a draft set of topics for consideration in a longer workshop:
    - Dynamics of cyber-fueled conflict
    - Approaches to managing cyber-fueled conflict
    - Lessons from history or other conflictual domains
- Today we will discuss a few selected topics
- Background: this topic area was selected as the top priority by the MSU IISI team from the 10 workshop topics presented last year
Possible International Workshops On Critical Cyber Policy Issues

Workshop Topics
1. Cyber Definitions
2. Cyber Crime
3. Cyber Terrorism
4. Escalatory Models
5. Civilian Infrastructures
6. Industrial Espionage
7. Technical Cooperation
8. Codes of Conduct
9. Cyber Law
10. Protection of the Commons

MSU IISI prioritization
1. Escalation Models
2. Civil Infrastructures
3. Cyber Definitions
4. Cyber Law
5. Codes of Conduct
6. Cyber Terrorism
7. Cyber Crime
8. Technical Cooperation
9. Protection of the Commons (termed "Protection of World Community")
10. Industrial Espionage
Overview
- Defining cyberspace
- Threat actors and capabilities
- Entropy-based model of conflict and cooperation
- Global cyber conflict mess
- Illustrative conflictual actions
- Illustrative cooperative actions
- Phase-structured cyber events data
- Utility of cyber actions
- Managing strategic technology competition
- Cross domain responses
- Proportionality judgments
- Institutions and mechanisms for cyber de-escalation
- Cyber conflict characteristics
What is cyberspace?
- Interdependent network of information technology infrastructures (NSPD54/HSPD23):
  - Internet
  - Telecommunications networks
  - Computer systems
  - Embedded processors
  - Controllers in critical industries
- Also the virtual environment of information and interactions between people (NSPD54/HSPD23)
- Activities riding on cyberspace
  - US Military: electro-magnetic spectrum, information operations, C4ISR, space
- Supply chains for IT: computers, networks, software, sensors, crypto, identity management, etc.
- Knowledge, information, data
Domains of Cyberspace

[Layered diagram spanning "Technological Level" to "Governance"; only its labels survive extraction. Grouping below is approximate.]
- Technological level: IC fabrication; IC design; operating systems; information assurance; cryptography; network infrastructure administration; application software and administration; routers, switches, fiber, wireless; PCs, servers, laptops, cell phones, PDAs; physical network connectivity; enterprise IT; critical infrastructures; consumer IT; supply chain; network, computer, crypto and ID management standards
- Activity: economic and business activity; military and intelligence systems; international dialogues; information processes, social networking; research communities; IA, certification, accreditation; international standards; knowledge formation; political discourse; value system dynamics
- Governance: diplomacy; treaties; agreements; alliances; norms; IGOs; NGOs; industry; universal principles
Threat Actors And Capabilities

| Threat Actors | Motive | Targets | Means | Resources |
|---|---|---|---|---|
| Nation states during war time | Political | Military, intelligence, infrastructure, espionage, reconnaissance, influence operations, world orders | Intelligence, military, broad private sector | Fully mobilized, multi-spectrum |
| Nation states during peace time | Political | Espionage, reconnaissance, influence operations, world orders | Intelligence, military, leverages criminal enterprises or black markets | High, multi-spectrum, variable skill sets below major cyber powers |
| Terrorists, insurgents | Political | Infrastructure, extortion | Leverage black markets? | Limited, low expertise |
| Political activists or parties | Political | Political outcomes | Outsourcing? | Limited, low expertise |
| Black markets for cyber crime | Financial | Hijacked resources, fraud, theft, IP theft, illicit content, scams, crime for hire | Tools, exploits, platforms, data, expertise, planning | Mobilizes cyber crime networks |
| Criminal enterprises | Financial | | Reconnaissance, planning, diverse expertise | Professional, low end multi-spectrum, leverage of black markets |
| Small scale criminals | Financial | | Leverages black markets | Low, mostly reliant on black markets |
| Rogue enterprises | Financial | IP theft, influence on sectoral issues | Outsourcing to criminal enterprises? | Sectoral expertise, funding, organization |
Conflict and Cooperation within a Living Social Systems Framework
- Goal: a continuous function from conflict to cooperation
- Countries are autopoietic systems (Prigogine, non-equilibrium thermodynamics)
  - Self-recreating living systems
  - Network of component-producing processes
  - Recreate the socio-economic and political system over time
- Key functional areas:
  - Physical security: military, intelligence, terrorism
  - Economic security: business, technology, science, policy
  - Political security: ideation, legitimacy, diplomacy
- State-state interactions
  - Conflictual action: increases autopoietic entropy
  - Cooperative action: decreases autopoietic entropy
- Mesh of state-state interactions
  - Reciprocity dimensions: economic, political, military, cultural
  - Relationships: parasitic or mutualistic
Global Cyber Conflict Mess*
- Over 100 states developing offensive cyber capabilities (various USG sources, 2008-2010)
- What are their targets? Economic, political, military/intelligence
- Who are their targets? G20? Major industries?

Cyber Capability Levels ("?" marks estimates, as in the source)

| Cyber Power | No. | IW | Espionage | Attack | Integration |
|---|---|---|---|---|---|
| Major | 3? | High | High | High | High |
| Important | 10? | Moderate? | Significant | Significant | High |
| Middle | 20? | Lower? | Crime ware | Crime ware | Lower |
| Lesser | 70+ | Lower? | Crime ware | Crime ware | Lower |
Illustrative Conflictual Actions

The source table has columns Std., Cyber, Intensity, Duration and Impact; the Intensity and Duration cells are empty in the available text, and the Std./Cyber marks are reproduced as extracted ("?" is in the source).

| Move Type | Action | Std. / Cyber | Impact |
|---|---|---|---|
| Political | Displeasure | x x | 1 |
| Political | Protest | x | 1 |
| Political | Withdraw support | x | 2 |
| Political | Snub | x | 1 |
| Political | Threaten | x x | 1 |
| Political | Support opposition | x x | 4 |
| Political | Subversion | x | 5 |
| Economic | Industrial espionage | x x | 2 |
| Economic | Sabotage | x x | 2 |
| Economic | Sanctions | x ? | 3 |
| Economic | Quarantine | x ? | 4 |
| Military | Politico-military espionage | x x | ? |
| Military | Unconventional warfare, terrorism | x x | 1 |
| Military | Skirmishes | x x | 2 |
| Military | Limited warfare | x x | 4 |
| Military | General warfare | x x | 5 |
Illustrative Cooperative Actions

Same column conventions as the conflictual-actions table: Intensity and Duration cells are empty in the available text; Std./Cyber marks as extracted.

| Move Type | Action | Std. / Cyber | Impact |
|---|---|---|---|
| Political | Diplomatic recognition | x | 1 |
| Political | Praise, hail, applaud | x x | 2 |
| Political | Endorse or support policy or position | x x | 3 |
| Political | Promise material support | x x | 3 |
| Political | Negotiate | x x | 1 |
| Political | Make substantive agreement | x x | 2 |
| Political | Share data, intelligence | x | 4 |
| Economic | Joint ventures, technical sharing | x x | 5 |
| Economic | Support capacity building | x x | 3 |
| Economic | Suspend sanctions | x ? | 1 |
| Economic | Extend economic aid | x ? | 3 |
| Military | Extend military assistance | x x | 4 |
| Military | Coordinate counter-terrorism | x x | 4 |
| Military | Coordinate defense | x x | 5 |
| Military | Cease hostilities | x x | 3 |
| Military | Settle dispute | x x | 3 |
Phase-structured Cyber Events Data
- Define a cyber action vocabulary
  - Party actions
  - Referrals to conflict managers
  - Conflict management actions
- Code state-state interaction sequences
  - Include a partial order for level of conflict or cooperation
  - Phase structure is given by the movement up or down in hostility/altruism
- Enables learning to:
  - Predict escalation or de-escalation as a function of event sequences
  - Estimate the efficacy of conflict management actions
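As an added illustration of the coding scheme sketched on this slide (this is example code, not material from the talk), the block below builds an action vocabulary from the deck's conflictual and cooperative action tables, codes a constructed event sequence for a hypothetical dyad A-B, derives the phase structure from movement up or down the hostility/altruism level, and fits a first-order Markov estimate of escalation probability to the coded history. The signed scale (conflict negative, cooperation positive), the neutral starting level of 0, the phase rule, and the sample sequence are assumptions made for the example.

```python
"""Phase-structured coding of a state-state cyber event sequence.

Added illustration, not code from the original talk. The action
vocabulary and impact weights come from the deck's Illustrative
Conflictual/Cooperative Actions tables; the signed scale, the
neutral start, the phase rule and the sample sequence are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Impact weights (1..5) as given on the slides; action names shortened.
CONFLICT: Dict[str, int] = {
    "displeasure": 1, "protest": 1, "withdraw support": 2, "snub": 1,
    "threaten": 1, "support opposition": 4, "subversion": 5,
    "industrial espionage": 2, "sabotage": 2, "sanctions": 3,
    "quarantine": 4, "unconventional warfare": 1, "skirmishes": 2,
    "limited warfare": 4, "general warfare": 5,
}
COOPERATION: Dict[str, int] = {
    "diplomatic recognition": 1, "praise": 2, "endorse policy": 3,
    "promise material support": 3, "negotiate": 1,
    "make substantive agreement": 2, "share intelligence": 4,
    "joint ventures": 5, "support capacity building": 3,
    "suspend sanctions": 1, "extend economic aid": 3,
    "extend military assistance": 4, "coordinate counter-terrorism": 4,
    "coordinate defense": 5, "cease hostilities": 3, "settle dispute": 3,
}


@dataclass(frozen=True)
class Event:
    actor: str
    target: str
    action: str


def signed_impact(action: str) -> int:
    """Assumed sign convention: conflict moves negative, cooperative positive."""
    if action in CONFLICT:
        return -CONFLICT[action]
    if action in COOPERATION:
        return COOPERATION[action]
    raise KeyError(f"action not in vocabulary: {action!r}")


def code_sequence(events: List[Event]) -> List[int]:
    """Running hostility/altruism level after each event.

    The running sum places events in a partial order on the
    conflict..cooperation axis; the dyad starts at 0 (assumption).
    """
    levels, level = [], 0
    for ev in events:
        level += signed_impact(ev.action)
        levels.append(level)
    return levels


def step_labels(levels: List[int]) -> List[str]:
    """Label each step by the direction the level moved (from 0 before event 0)."""
    prev, labels = 0, []
    for lvl in levels:
        labels.append("escalation" if lvl < prev else "de-escalation")
        prev = lvl
    return labels


def phases(levels: List[int]) -> List[Tuple[str, int, int]]:
    """Collapse consecutive same-direction steps into (label, start, end) phases."""
    out: List[Tuple[str, int, int]] = []
    for i, label in enumerate(step_labels(levels)):
        if out and out[-1][0] == label:
            out[-1] = (label, out[-1][1], i)
        else:
            out.append((label, i, i))
    return out


def predict_escalation(levels: List[int]) -> float:
    """P(next step escalates | direction of the last step).

    First-order Markov estimate with add-one smoothing, learned from the
    coded history itself; a stand-in for the learning the slide mentions.
    """
    labels = step_labels(levels)
    last = labels[-1]
    esc = sum(1 for a, b in zip(labels, labels[1:])
              if a == last and b == "escalation")
    total = sum(1 for a in labels[:-1] if a == last)
    return (esc + 1) / (total + 2)


# Constructed sample dyad A-B for illustration; not a real incident.
SAMPLE_EVENTS: List[Event] = [
    Event("A", "B", "industrial espionage"),
    Event("B", "A", "protest"),
    Event("A", "B", "industrial espionage"),
    Event("B", "A", "sanctions"),
    Event("A", "B", "threaten"),
    Event("A", "B", "negotiate"),
    Event("B", "A", "negotiate"),
    Event("A", "B", "make substantive agreement"),
    Event("B", "A", "suspend sanctions"),
    Event("A", "B", "share intelligence"),
]

if __name__ == "__main__":
    lv = code_sequence(SAMPLE_EVENTS)
    print("levels:", lv)
    print("phases:", phases(lv))
    print("P(next escalates):", round(predict_escalation(lv), 3))
```

On the sample sequence the level runs from -2 down to -9 over the first five moves (one escalation phase) and back to 0 over the next five (one de-escalation phase); with the history ending in de-escalatory steps the smoothed estimate of a further escalation is 1/6, whereas truncating the history after the fifth event gives 5/6. A richer coding would add the conflict-manager referrals and management actions the slide lists as separate vocabulary classes so their efficacy can be scored against subsequent phase changes.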
Utility of Cyber Actions

| Modality | Detection | Complexity | Reliability | Consequences |
|---|---|---|---|---|
| IW | 3 | 2 | 2 | 1 |
| Intelligence | 1 | 3 | 2 | 1 |
| Degradation | 1 | 3 | 1 | 2 |
| Disrupt (precise) | 3 | 3 | 1 | 3 |
| Denial | 3 | 2 | 3 | 3 |
Managing Strategic Technology Competition
1. Engineering networking standards and computational frameworks for national advantage
2. Developing universalizable norms for system engineering and design certification
3. Managing industrial espionage when it is an integrated component of strategic economic competition
4. Sanctions (diplomatic, economic) against predatory behaviors in open multilateral trading systems
5. Standards for ICT intended to reduce opportunities for bad cyber behavior, enhance international stability and promote orderly international interactions
Cross Domain Responses
- A state need not respond to cyber in kind
- Cross domain responses cloud anticipation of responses to cyber actions
  - Judgment of proportionality by the initiator
  - Judgment of perception by the recipient
- Example: industrial espionage by China; a possible response aiming at regime legitimacy
- Example: Russia and the US declare a potential nuclear response against cyber attacks on C2 systems; penetration of the wrong system could provoke a major response
- Cross domain responses introduce potentially destabilizing feedback paths
Proportionality Judgments
- Shared understandings of proportionality are necessary for meaningful calibration of action
- Different perspectives, approaches, traditions and cultural contexts can produce misunderstandings and unintended escalations
- Errors or accidents involving cyber weapons may produce:
  - Unintended consequences via cascading effects
  - Unforeseen escalatory responses
Cyber Conflict Characteristics
1. Offense dominated
2. Strategic reach
3. Poor attribution (low frequency)
4. Poor warning with short detection times
5. No strategic depth -> pre-emption strategies
6. Readily usable techniques for espionage
7. Strong reciprocity among major actors
8. Low barriers to entry
9. Over 100 state players
10. Lack of shared perception of action seriousness

- Limited history of cyber conflict
- Cross cultural understanding challenges
- Little guidance from international law
- Many variations possible

Conclusion: unstable, dangerous feedbacks
Institutions and Mechanisms for Cyber De-escalation

| Domain | Activity | Conflict Manager |
|---|---|---|
| Political | Hacktivism; legitimacy IW | ?, UN |
| Economic | Industrial espionage; predatory trade; supply chain subversion | ?, IMF, G*, WTO, regional IGOs |
| Military | Prepositioning logic bombs; critical infrastructure attacks | Conventional mediators (e.g., UN, regional IGOs) |
Research Questions
1. What is the domain of cyber conflict and cooperation?
2. Does the rise of cyber operations, whether attack, espionage or influence operations, change inter-state conflict dynamics?
3. What are the stability characteristics of current and future international systems as cyber conflict capacity develops and diffuses?
4. How can levels of cyber conflict and cooperation be measured and compared across technical change?
5. How can strategic technical and economic competition be managed?
6. How can different perceptions of hostility or cooperation and escalation phases be managed?
7. Can legal or normative frameworks increase stability or protect non-combatants?
Appendix A
Dynamics Of Cyber-fueled Conflict
Dynamics Of Politico-military Escalation And De-escalation In State-state Cyber Conflict
1. Analysis of factors contributing to instability or stability
2. Cyber as a means for strategic reach with low barriers to entry (over 100 countries with some cyber offensive capabilities)
3. Pre-emption strategies due to poor warning as a source of instability
4. Problems of n-way games, including (mis-)attribution, bad reputations, provocations
5. Clusters of state-level cyber conflict and cooperation
6. Dangerous feedbacks, good feedbacks
7. Unintended consequences (e.g., perceptions, cascading impact, spreading impact, collateral damage to civilians or 3rd parties)
8. Precision and controllability of cyber techniques across target domains, including impact on neutral countries or the global commons
9. Usability of cyber techniques for attack or exploitation (low probability of attribution, low physical damage, low human casualties)
10. Cross-domain responses to cyber as amplifiers or attenuators of conflict
11. Differential perception of threat (e.g., economic, legitimacy, systemic)
12. Special case of nuclear powers (cyber under cover of nuclear)
13. Asymmetric vulnerability of lower ICT capacity states to cyber attack by stronger military powers
14. Dynamics of collapse or rebuilding of trust across state-state transactions, with special attention to low-to-mid level cyber provocations
15. Mechanisms for de-escalation, including termination of conflict or war
16. Mechanisms for establishing ground truth (e.g., monitoring, data sharing, inspection, cross correlation)
17. Institutions for international mediation and conflict management
Conflict Triggers Or Escalators
1. Misread of red lines
2. Denial of service or attack on C2 or space assets
3. Ambiguity of cyber actions between exploitation and attack
4. Penetration of critical infrastructure, or "preparation of the battlefield"
5. Accidental impact on 3rd parties via spread or cascading
6. Excessive espionage provoking hostile responses, possibly cross-domain
7. 3rd party provocations intended to incite major power conflict
8. Information operations targeting political legitimacy
9. Conventional conflict triggering cyber responses
Cross-modality Or Cross-domain Responses To Cyber Exploitation Or Attack
1. Signaling and problems of misperception in cyber conflict (or cyber cross-domain responses)
2. Mismatches of cross cultural or doctrinal models of cyber conflict
3. Hostility spirals due to volume of exploitation or development of bad reputation
Appendix B
Approaches To Managing Cyber-fueled Conflict
Challenges
1. How can verification, monitoring and situational awareness be achieved and to what extent?
2. How is cyber defense possible without understanding and anticipating incoming cyber attacks?
3. How can proliferation of cyber weapons within or across countries be prevented or managed?
Shared International Frameworks For Designating Actions In Cyber Space As
Criminal, Hostile, Or Negligent
1. Definitions of hostility levels
2. Definition of when counter-force becomes counter-value targeting along supply chains or supporting infrastructure for an opposing military
3. Red lines within the contexts of peace, crisis or war
4. Impact of red lines on dynamics of escalation control and stability
5. Instabilities arising from attacks on C5ISR systems, including nuclear systems, space assets and naval forces
6. Large-scale espionage: quantity exceeds conventional hostility calibrations
7. Ambiguity of cyber-physical systems (e.g., a cyber attack on a power grid causing physical damage)
8. Information operations: anti-terrorism, threats to government stability
9. How should international sharing of cyber data be organized and coordinated?
10. Rebuilding trust in a low verification environment
Responsibility Of National Leadership For Controlling Cyber Offense And Exploitation
1. Government actors
2. Surrogates, including state responsibility for cyber "patriots" or criminals operating within their territory under international law, regardless of whether the state has direct, indirect or no control at the time
3. Non-state actors using computing platforms within their territories
   - Hacktivists
   - Terrorists
4. Leakage of advanced cyber capabilities to criminals or terrorists
5. Managing different levels of conflict from strategic (e.g., nuclear weapons control and release) to theater or tactical
6. Responsibility for cleaning up botnets, or other platforms within their territories used by 3rd parties to attack or exploit 2nd parties
Managing Strategic Technology Competition
1. Engineering networking standards and computational frameworks for national advantage
2. Developing universalizable norms for system engineering and design certification
3. Managing industrial espionage when it is an integrated component of strategic economic competition
4. Sanctions (diplomatic, economic) against predatory behaviors in open multilateral trading systems
5. Standards for ICT intended to reduce opportunities for bad cyber behavior, enhance international stability and promote orderly international interactions
Legal Or Normative Frameworks Codifying Shared Interests
1. How can cooperative activities in cyber defense or fighting cyber crime build reservoirs of trust that help prevent or attenuate cyber crises?
2. Can a "public health" approach to cyber help reduce risk of conflict and enhance trust through cooperative contributions to the cyber commons?
3. To what extent are states interpreting cyber with the framework of the Geneva Convention?
4. Where are current international legal frameworks adequate or inadequate?
5. How can they be extended to cover gaps?
6. How do they serve the range of state or non-state actors in the international system?
7. Can legal or normative frameworks actually help in a timely fashion when cyber capabilities are so widely diffused and technical change is rapid?
8. What is their domain of relevance across a hostility range from peacetime to wartime?
9. How can adverse impacts on international cyber infrastructures be prevented or managed?
10. How can collateral damage to non-belligerents be managed?
11. How can 3rd party provocations intended to initiate conflicts between major powers be prevented beforehand or managed afterwards?
Legal Or Normative Frameworks Codifying Shared Interests
12. What is the legal or pragmatic liability of states for consequences of cyber operations, whether intentional, collateral, or accidental (including cyber proliferation)?
13. What should be the status of a cyber attack on one country that disrupts economic activity in 3rd countries? (e.g., shared infrastructure, outsourcing, linked industrial verticals) Rights of 3rd parties to respond? Non-state actor case?
14. What is the responsibility of states to prevent private actors or 3rd parties from launching attacks from within their territory by controlling bad network traffic, taking down botnets, or requiring higher assurance standards?
15. What legal recourses are available when cyber espionage exceeds standards of customary practice to reach extraordinarily high levels of hostility?
16. What should be the responsibility of Internet service providers to report bad behavior to states (e.g., tracing attacks via proxies, cyber pollution, IW)?
17. What should be the legal liability of ISPs if they act as agents of a state by providing the means to deliver cyber attacks, engage in cyber exploitation or weaponization?
18. To what extent are states and ISPs separate around the world? How does this affect the ability of states to act in cyberspace?
Appendix C
Lessons From History Or Other Conflictual Domains
Lessons From History Or Other Conflictual Domains
1. How should the definition of "armed force" be extended to cyber attacks? (e.g., by consequences, by threat level)
2. How do we measure the consequences of cyber weapons? Must they have physical manifestation?
3. How can conventional counter proliferation approaches bear on cyber capabilities?
4. How can conventional protections of neutral parties, international infrastructures or global commons (e.g., sea, space) be extended to cyber?
5. How is cyber not like nuclear deterrence? (Over worked analogy with many analytical assumptions failing.)
6. How are cyber weapons like non-nuclear kinetic weapons?
7. How can biological weapons regimes inform cyber regimes? (Similarities and differences, for example in terms of proliferation, verification, usability)