Cyber Statecraft: Developing a Strategy for Cybersecurity

Instead of waiting for the state to act, a bottom-up army of cyber warriors should be created. They should stand side-by-side with the marching National Guard and paramilitary organizations. If the government can’t protect us from cyber aggression by China, Russia, and others, including non-state agents – as evidenced most recently by the theft of over 20 million classified files by Beijing’s hackers – a U.S. cyber militia and a cyber tea party should rally to the rescue.

By Marek Jan Chodakiewicz | September 29, 2015

Cyberspace is the Internet, i.e. an open, interdependent network, within which the convergence – symbiotic and parasitic – of any life forms, beyond traditional dimensions of human experience, takes place. The Internet is a “virtual environment” – as it was dubbed by Gen. Keith Alexander; the context for the convergence of all the hardware and software in the possession of individuals, companies, governments and non-governmental organizations (NGOs) – from the Red Cross to the Islamic State.

Rapidly growing cyberspace is “becoming more and more globalized, decentralized, accessible to billions of individuals as well as mostly free of regulations.” How to assemble cyberspace? Where to put it? How to relate to it? Our colleague from IWP, Michelle Watson Roscitt, called it the fifth geographic domain. Perhaps it would be better to call it the fifth geographic dimension? The traditional dimensions are land, sea, air, and space.

Cyberspace anchors

C. W. Walker, another one of our graduates, says, however, that cyberspace differs significantly from other dimensions, because it “is global and has no boundaries.” Maybe so, but after all even cyberspace has its limitations dictated by technology. Walker further argues that there are attempts geographically to anchor cyberspace for commercial reasons (for example, in the U.S. differs from its German counterpart mainly because it is aimed at different customers, culturally and nationally), but for cyber travelers, and even more so for cyber warriors, such geographical restrictions are simply irrelevant. Most can break in anywhere. If I can’t buy a book on, I try Dr. Kenneth Geers thinks we are dealing here with a “new geography of connectivity.” In some respects, cyberspace has characteristics that overlap traditional dimensions. For example, from a legal standpoint, cyberspace is a dimension even more pristine than the sea and space because it largely lacks, not only regulations, but also international legal consensus.

However, by introducing the concept of domain, Michelle wanted to emphasize the geopolitical and, especially the military side of cyberspace. Just as in traditional military strategy conquering a dominant point (high ground), or simply enemy territory, was considered to be the key to victory, so the conquest of cyber territory is absolutely necessary in order to control information. Formerly, we conquered fortresses and chokepoints. Today, we surround ourselves with firewalls, or we penetrate them. We used poisoned arrows, now we send viruses. We thus replicate our traditional war-making under different conditions and with new tools.

War and cyberwar

In classic strategy, there are immutable points of support: permanent features of the battlefield (and thus of a geographic area). Therefore, the area of kinetic engagement is dynamic, while its geographic context remains static. In cyberspace, however, one of the few permanent features is an almost complete lack of stability. Thus, even the Internet framework tends to be dynamic. Since subsystems are decentralized and individual, they can transform endlessly, changing properties, compositions, and sensitive points. Everything is almost constantly changing bottom-up and top-down.

In addition, “speed and distance” in virtual space are transformed by the instantaneity of operations and the leveling of geographic distance. In cyberspace, “everyone is your neighbor,” says Michelle. Walker reminds us that in cyberspace “the fog of war is so dense” that it is often unknown where the cyber attack came from. Cyber aggressors can become anonymous with the help of Proxy Networks or Virtual Private Networks. Their use means the attacking computers can be located anywhere on Earth. Often even individual computers or entire networks can be hijacked to create partially incapacitated armies (zombie armies) busting your opponent using viruses or the overloading of artificial traffic and Internet demand.

For example, in 2007, Russia attacked Estonia by Distributed Denial of Service (DDoS). Cyber-Tallinn was brought to its cyber knees. The state and its economy were paralyzed. Naturally, no one has ever proven that Moscow carried out this attack. However, as early as in 2008 in Georgia, we witnessed a war where conventional activity was combined with a cyber offensive for the first time in history. Vladimir Putin admitted openly that it was his success.

Shortly thereafter, the United States and Israel attacked the Iranian nuclear industry with the Stuxnet virus. This cyber weapon infected the control surveillance and data retrieval system (Supervisory Control and Data Acquisition SCADA) at a uranium enrichment center. “The genius of this virus was that by destroying the centrifuges [used to separate uranium isotopes], it reported to the control center that no problems were found,” said Walker.

At the same time, China leads a constant cyberwar against the U.S. One of its main state institutions that focus on such operations is the company Huawei Technologies, the world’s largest manufacturer of telecommunications equipment. Its creator is Gen. Ren Zhengfei from the Engineering Academy of the General Staff of the People’s Liberation Army. Huawei routinely steals, via cyber means, intellectual property from companies such as Cisco Systems, Motorola, 3Com, and others. States are the main perpetrators of cyber war. Cyber warriors (hackers) are mostly employed by governments. It’s true that terrorist organizations, criminal or unaffiliated hackers cause much damage, but this is little in comparison with powerful wrestling matches cyber warriors take part in every day.

Safety astride

From here we come to the cyber domain of geopolitics and national security matters. According to the U.S. Department of Defense “between 2000 and 2010, global Internet use increased from 360 million to more than 2 billion people.” The intensity of the global use of the Internet means that its “area,” or the range of cyberspace, develops too. Richard Clarke and Robert K. Knake in Cyber War) identify three main sensitive points of cyberspace. The first is the amorphous structure of the Internet with its “open architecture,” which is easy to penetrate. The second is errors in software and in structure (software and hardware) making it easy to infiltrate. And the third is the trend, in the name of saving and availability, to cram everything into computer systems, which gives cyber warriors a big playing field. Consequently a paradox appears.

A global network is to support narrowly defined national systems and serve their interests. Cyberspace is global, but government agencies and non-governmental organizations, operating in real life and geographical realities, use cyberspace to support their societies. And so in the U.S., the sphere of cyberspace supports the so-called critical infrastructure, banking, transportation, and communications. Armed forces, their command and logistics, are also based on cyberspace. The implications of this paradox are harrowing. Vital, daily functions of the economy, management and defense of the United States (and other countries, including Poland), which are features strictly related to national security, build and rely on the transnational data transfer system – on cyberspace. They are directed by their monitoring systems and information technology, which is open to penetration and attacks from the outside.

Michelle Watson Roscitt has created a new concept – Cyber Statecraft – to describe a system of the joint management of cyberspace by government agencies and private corporations. This includes, in particular, the development of cybersecurity strategy. A partnership made necessary to defend against an ongoing cyberattack from all sides. And there is a lot to fight for!

Cyber spies steal information from the U.S. worth about $300 billion annually. This was the opinion of Director General of Intelligence, Gen. James R. Clapper Jr. as early as 2012. He recognized that cyber attacks pose a greater threat to the U.S. than terrorism. And, where is America’s cyber warfare? Or our allies?

Instead of waiting for the state to act, a bottom-up army of cyber warriors should be created. They should stand side-by-side with the marching National Guard and paramilitary organizations. If the government can’t protect us from cyber aggression by China, Russia, and others, including non-state agents – as evidenced most recently by the theft of over 20 million classified files by Beijing’s hackers – a U.S. cyber militia and a cyber tea party should rally to the rescue.

Author’s note: Text translated into English from Polish by Paweł Piotr Styrna and Barbara Armstrong.

Marek Jan Chodakiewicz is a Professor of History at the Institute of World Politics, A Graduate School of National Security and International Affairs in Washington, DC, where he also holds the Kościuszko Chair in Polish Studies. Professor Chodakiewicz is author of Intermarium: The Land between the Black and Baltic Seas. He is also a contributor to SFPPR News & Analysis.