Inside Cyber Warfare - Jeffrey Carr [111]
Instead, policymakers should focus on those cyber attacks executed by adversaries with preexisting grievances against the United States. These latent political tensions encourage an attacker’s cyber militia to conduct detailed cyber reconnaissance as well as rally sophisticated hackers to join the attacker’s cyber militia.
This model could also be used to distinguish between cyber crime attacks and politically motivated attacks. Sophisticated politically motivated cyber attacks will follow the 5-stage model set forth earlier in this chapter: latent tensions, cyber reconnaissance, initiating events, cyber mobilization, and cyber attack. Unsophisticated politically motivated cyber attacks will follow a truncated 3-stage model of initiating event, cyber mobilization, and cyber attack.
In contrast, cyber crime attacks are more likely to follow an altered 2-stage model: cyber reconnaissance and cyber attack. If no latent tensions exist between adversaries, no obvious initiating event occurs, and no mobilization of cyber militia is detected, then criminal organizations motivated by financial gain are likely responsible for the attacks in question.
The true value of this model is two-fold. From a proactive perspective, this model shows us that well-organized and sophisticated politically motivated cyber attacks are likely to involve some public or semipublic form of cyber mobilization. Cyber militias are likely to rally other sympathetic hackers to their cause via online chat rooms and message boards. These calls to arms are typically announced via public or semipublic channels because cyber militias are typically interested in rallying a large number of hackers to their cause. As more hackers join the cyber militia, the power of the militia increases in terms of its ability to generate more bandwidth during a distributed denial of service attack. Additionally, as more hackers join a cyber militia, more noise is generated and defenders will have a harder time distinguishing truly malicious attacks from the more benign brute-force denial of service attacks. Fortunately for the defenders, as cyber militias attempt to rally more hackers to their cause, their public or semipublic communications can be intercepted. A proactive defender can intercept a cyber militia’s call to arms and construct an informed defensive posture.
From a reactive perspective, use of this model could aid in assigning attribution for a cyber attack. As discussed, a sophisticated politically motivated cyber attack is likely to occur against the backdrop of latent political tensions between adversaries. As actors within the international arena are likely to have adversarial relations with only a limited number of actors, that pool of possible attackers is limited. The pool of possible attackers is further limited to those actors that have previously demonstrated both the capability and intent to conduct sophisticated cyber attacks.
Defense Readiness Condition for Cyberspace
The proposed 5-stage framework of politically motivated cyber attacks can be used to create a Defense Readiness Condition (DEFCON) for cyberspace. The existing DEFCON scale, from 5 to 1, measures the readiness level of the US armed forces. DEFCON 5 represents normal peacetime military readiness, whereas DEFCON 1 represents maximum readiness and is reserved for imminent or ongoing attacks against the United States.
The 5-stage model also could be used to inform the United States’ DEFCON rating for cyberspace. Cyber DEFCON 5 exists during normal conditions with latent political tensions between the United States and a range of adversaries.
Cyber DEFCON 4 could be activated when cyber reconnaissance is detected against the backdrop of existing latent political tensions between