Strategic Cybersecurity, Module 4: The Bureaucracy of Cyber Conflict.
This lecture provides a background of cyber conflict and considers deterrence systems (or lack thereof).
Once you have completed the readings, lecture activity, and assessment, you will be able to:
- Describe how President Ronald Reagan was alerted to the problem of cybersecurity
- Describe the first-known case of cyber espionage, which occurred in 1967.
Welcome to Strategic Cybersecurity, Module 4. Although many might believe that cyber espionage is a recent issue, the fact is that nation-states have been using cyber espionage for decades to steal secrets from one another.
The First Cyber Espionage
In fact, the first act of nation-state espionage is believed to have occurred 50 years ago, in 1967, when East German spies hacked into computers operated by an IBM subsidiary in West Germany. The intrusion was so worrisome that it prompted the U.S. House of Representatives to hold three days of hearings on the risks of computer espionage.
Historically, one of the biggest issues with cybersecurity, and thus cyber conflict, is that politicians and other national security leaders may not take it seriously, particularly if they do not understand the technology.
By the early 1980s, both the U.S. military and many corporations in the country were using computer technology on an increasing level to support their operations.
Early Computer Systems
The U.S. Department of Defense's Strategic Command was relying heavily on computers for its nuclear weapons missions, specifically with regard to operating advanced guidance systems and potentially tracking incoming enemy missiles.
Computers were still expensive mainframe systems, and few government officials, including senior policymakers, were at all familiar with them. Hollywood was left to introduce the potential uses and vulnerabilities of the new technology to the public and even to the Oval Office.
The War Games Movie
In 1983, President Ronald Reagan viewed the motion picture WarGames, about a young hacker who accesses a military supercomputer and nearly begins a war.
Though the hacker initially believes that he is playing a benign computer game, the supercomputer is, in fact, part of a nuclear weapons control system, and a situation erupts that nearly results in World War III.
After viewing the movie, President Reagan asked an advisor to research whether such a scenario could actually occur. Months later, a senior military advisor reported to Reagan that many of our important military computer systems did indeed lack sufficient protections.
By the beginning of the First Gulf War in January 1991, computers were ubiquitous in all aspects of U.S. military operations. Computer-supported smart bombs, satellite communications, advanced avionics, and sophisticated target tracking systems were all on full display during that war and initiated net-centric warfare.
Net-centric warfare essentially refers to the ability to network sensors and communication systems so that situational awareness of military commanders and other strategic decision makers is enhanced.
Robust situational awareness helps commanders increase targeting precision and improve the military's overall unity of effort.
The Computer-enabled Military
Both China and Russia were caught off guard by the United States' sophisticated computer-enabled military operations and were awed by our quick victory over Iraq.
China, in particular, was especially concerned with the United States' new ability to wage high-tech war, particularly because China's military relied on more primitive technology, similar to Iraq's.
As a result, both China and Russia initiated long-range strategic development programs to upgrade their military capabilities, with the goal of creating their own net-centric militaries.
Even as it ramped up technologies, however, China believed that the United States had become over-reliant on technology and began research on how to asymmetrically exploit and disrupt this over-reliance.
Since the First Gulf War, many of our adversaries have exponentially increased both offensive and defensive cyber capabilities. The United States' advantage in technology over the last three decades has rapidly diminished, and we now struggle to out-innovate our foes.
As with most new weapons, however, each country is still trying to figure out how to deter others from using cyber weapons. For instance, the use of nuclear weapons changed the way that military strategists war-gamed, culminating in deterrence doctrines like mutually assured destruction.
And the use of cyberweapons has forced strategists to go back to the drawing board to develop similar types of deterrence theories. Still, at the dawn of the cyber age, we lack any system of cyber deterrence similar to that of nuclear weapons use.
The Russian Interference
Simply consider the Russian interference in the 2016 U.S. presidential election. The U.S. intelligence communities report background to assessing Russian activities and intentions in recent U.S. elections noted that the purpose of Russian interference was to “undermine public faith in the U.S. democratic process, “denigrate Secretary Clinton and harm her electability and potential presidency,” among other things.
Russia deliberately attacked the very fabric of American society in hopes of sewing chaos and ultimately weakening the geopolitical power of the United States.
How does one deter this type of interference from a nation-state rival like Russia?
The North Korean Attack on Sony
We could use a tit-for-tat approach, similar to that used in the era of Cold War espionage. And consider how best to deter the actions of North Korean leader Kim Jong-un, who ordered an attack on Sony Pictures as revenge for the release of the motion picture The Interview, which painted North Korea's leadership in an unfavorable light.
Much like the nuclear weapons paradigm, these questions of deterrence in cyberspace will eventually be worked out.
One positive development for the United States, however, is that our country was relatively quick to recognize the need for an organizational backbone to facilitate the development of both offensive and defensive cyber operations.
For example, by the time of the Kosovo War in the late 1990s, the U.S. military had the capability to use computer technologies to disrupt enemy operations and, in fact, used this capability to disrupt the Serbian Integrated Air Defensive Systems or IADS.
JTF-CNO to U.S. Cyber Command
Soon after the war's end, the U.S. military formed the Joint Task Force – Computer Network Operations, or JTF-CNO, to better coordinate the types of offensive computer operations the United States had conducted against Serbia.
Eventually, the JTF-CNO morphed into an organization called the Joint Task Force – Global Network Operations, co-located with the National Security Agency headquarters and became the precursor to today's U.S. Cyber Command.
Quiz Question 1: What movie was President Ronald Reagan watching when he asked his advisers to look into the security of the networks controlling the nation's nuclear arsenal?
A: Kramer versus Kramer.
B: Dr. Strangelove.
D: The Day After. The answer is
Quiz Question 2: According to the article Cyber Security: A Pre-History, which of the following is not a purpose of Reagan's National Security Decision Directive 145 (NSDD-145)?
A: The directive helped secure the information systems of the Federal government.
B: The directive made NSA responsible for setting standards of all government telecommunication systems.
C: The directive gave the President the final authority to launch nuclear weapons.
D: The directive gave NSA the mission of conducting security research on government telecommunication systems.
The answer is C: The directive gave the president the final authority to launch nuclear weapons.
Quiz Question 3: True or False: The first-known incidence of cyber espionage occurred in 1967 when a computer operated by an IBM subsidiary in West Germany was hacked.
The answer is True.
The activity for this module asks that you consider your own career or current job and reflect on how computer technology has affected it, compared to 30 or 40 years ago.
Did the type of work you do, or what is created as a result of computer technology in your work, even exist three or four decades ago? How do you think your job may change over the next few decades? Will your job exist, or could it be automated due to innovations in artificial intelligence?
Go to: Module 5: Vulnerabilities and Vectors
“Strategic Cybersecurity” by Augusta University is licensed under CC BY 4.0 / Original video transcribed and re-structured.