Inside Cyber Warfare - Jeffrey Carr [112]
Cyber DEFCON 3 could be activated in the aftermath of cyber reconnaissance and an initiating event. For example, in the aftermath of the US-China spy plane incident in 2001, when a US Navy EP-3 surveillance aircraft collided with a People’s Liberation Army fighter plane. This incident sparked a cyber war between US and Chinese hackers, during which a number of US and Chinese websites were defaced or knocked offline.
Cyber DEFCON 2 could be activated after an initiating event occurs and the mobilization of enemy cyber militias is detected. In the aftermath of the invasion of South Ossetia, pro-Russian hackers launched the StopGeorgia.ru website in order to mobilize a pro-Russian cyber militia. As previously discussed, cyber mobilization typically occurs in semipublic forums because militia organizers desire to attract as many sympathetic hackers as possible. The more public the call to arms, the greater the chance the militia will recruit new members and increase in size. Fortunately, the more public the call to arms, the greater the likelihood that the defender will detect the mobilization of the enemy’s cyber militia. When these types of activities are detected, cyber DEFCON 2 should be activated.
Cyber DEFCON 1 should be activated when attacks appear imminent or are ongoing. It is apparent that cyber attacks will be used either in parallel with armed attacks or as the sole means of attack between adversaries. Therefore, it is important to understand how attacks are planned, organized, and executed.
Use of this model may improve the ability of the United States to predict and defend against future politically motivated cyber attacks. It is therefore important that this 5-stage model be discussed, tested, and altered as necessary.
* * *
[39] Ned Moran is a senior intelligence analyst for a well-known systems integrator, an adjunct professor in intelligence studies at Georgetown University, and a valued member of Project Grey Goose.
Originally Ned invited me to coauthor this paper for publication elsewhere, but due to my time limitations and the innovative nature of Ned’s proposed model of predicting cyber attacks, I asked if he would consent to having it published here first. He graciously agreed, and I think the book is richer for it.
Chapter 13. Advice for Policymakers from the Field
One of the many goals of this book is to offer informed advice to those individuals who will ultimately shape US policy in this highly complex domain. To that end, I announced an open call for submissions from individuals who are engaged in protecting their respective nation’s networks from attack on a daily basis, both nationally and internationally.
Providing experts from other countries with a voice symbolizes the international approach to cyber security that has consistently provided the best results in combating cyber intrusions and in identifying the state and nonstate actors involved.
This chapter contains thought-provoking pieces of varying lengths from a naval judge advocate who wrote his thesis on cyber warfare, an experienced member of an international law enforcement agency, and a scientific adviser on national security matters to the Austrian government, as well as my own contribution.
When It Comes to Cyber Warfare: Shoot the Hostage
By Jeffrey Carr
Harry: OK, Airport. Gunman with one hostage, using her for cover. Jack?
Jack: Shoot the hostage.
Harry: What?
Jack: Take her out of the equation.
Harry: You’re deeply nuts, Jack.
—Speed (1994), written by Graham Yost
The fun of movie scenarios aside, consider the same strategy when the hostage is not a human being but a piece of technology or a legacy policy that no one wants to change.
Here’s a new scenario. A state or nonstate hacker attacks US critical infrastructures and Department of Defense networks at will and without fear