Former officials buck White House adviser’s comments about government hacking

A top White House official says the U.S. government cannot rely on offensive cyber operations to deter foreign hackers from attacking American computer networks. Thomas Bossert, an assistant to the president for homeland security and counterterrorism, told an audience of former intelligence and defense officials Wednesday in Washington, D.C., that hacking into foreign computer networks should not be considered a means to deterring enemies from breaching American organizations. “There’s very little reason to believe that an offensive cyberattack is going to have any deterrent effect on a cyber adversary,” Bossert said. “In fact, it will likely encourage them to hurry up and become better hackers and develop better defenses. So I don’t just think this is a misnomer, but it’s something that we need to move past and say out loud.” Bossert suggested the U.S. government should instead leverage “national power” to stop future cyberattacks. “I think what we will […]

The post Former officials buck White House adviser’s comments about government hacking appeared first on Cyberscoop.

Continue reading Former officials buck White House adviser’s comments about government hacking

Domain Creep? Maybe Not.

I just read a very interesting article by Sydney Freedberg titled DoD CIO Says Spectrum May Become Warfighting Domain. That basically summarizes what you need to know, but here’s a bit more from the article:

Pentagon officials are drafting new policy that would officially recognize the electromagnetic spectrum as a “domain” of warfare, joining land, sea, air, space, and cyberspace, Breaking Defense has learned. 

The designation would mark the biggest shift in Defense Department doctrine since cyberspace became a domain in 2006. With jamming, spoofing, radio, and radar all covered under the new concept, it could potentially bring new funding and clear focus to an area long afflicted by shortfalls and stovepipes.

The new electromagnetic spectrum domain would be separate from cyberspace, although there’s considerable overlap between the two… 

But the consensus among officials and experts seems to be that the electromagnetic spectrum world — long divided between electronic warriors and spectrum managers — is so technologically complex and bureaucratically fragmented by itself it must be considered its own domain, without trying to conflate it with cyberspace.

My initial reaction to this move is mixed. History and definitions provide some perspective.

One of the big differences between the civilian and military views of “cyberspace” has been, prior to this story, the military’s more expansive view.

The formerly classified National Military Strategy for Cyberspace Operations, published in 2006, defined cyberspace as

A domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. (emphasis added)

The NMS-CO in a sense embedded cyberspace within EMS. That document also signaled DoD’s formal recognition of cyberspace as a domain. By associating EMS with cyberspace, DoD thought of cyberspace in larger terms than civilian counterparts. In addition to activities involving computers, now cyberspace theoretically incorporated electronic warfare and other purely military functions with little or no relationship with civilian activities.

Army Doctrine Reference Publication No. 3-0 published in 2012 introduced the term “cyber electromagnetic activities” (CEMA). It defined CEMA as

Activities leveraged to seize, retain, and exploit an advantage over adversaries and enemies in both 
cyberspace and the electromagnetic spectrum, while simultaneously denying and degrading adversary and enemy use of the same and protecting the mission command system. Cyber electromagnetic activities consist of cyberspace operations, electronic warfare, and electromagnetic spectrum operations.

This Army publication separates cyberspace and EMS, and created “CEMA” as an umbrella over both.

The more recent  Joint Publication 3-12R, published in 2013, drops explicit mention of the EM spectrum. It defines cyberspace as

A global domain within the information environment consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

With the definitions and their evolution out of the way, consider what it means for cyberspace to be separate from EMS.

In my opinion, cyberspace has always been more about the content, and less the infrastructure. In other words, it’s the information that matters, not necessarily the containers. I first appreciated this distinction when I was stationed at Air Intelligence Agency, where we helped publish Air Force Doctrine Document 2-5: Information Operations in August 1998. Page 3 states

The Air Force believes information operations include actions taken to gain, exploit, defend, or attack [GEDA] information and information systems. (emphasis added)

*Note that document doesn’t use the term “cyber” very much. When describing information warfare, it states

Information warfare involves such diverse activities as psychological operations, military deception, electronic warfare, both physical and information (“cyber”) attack, and a variety of defensive activities and programs.

In any case, the “GEDA” concept stuck with me all these years. I think the focus on the information, rather than the infrastructure, is conceptually useful. Consider: would there be “cyberspace” if it contained no information? The answer might be yes, but would anyone care to use it? It’s the information that makes “cyberspace” what it is, I believe.

In this sense, separating the physical aspect of EMS seems to make sense. However, what does that mean for other physical aspects of manipulating information? EMS seems most tangible when considering radio and other radio frequency (RF) topics. How does that concept apply to cables or servers or other devices? Are they part of EMS? Do they “stay” with “cyberspace”?

Finally, I am a little worried that a reason from creating EMS as a sixth domain could be because it is ” technologically complex and bureaucratically fragmented,” as described in the article excerpt. “Creating” a military domain should not be done to solve problems of complexity or bureaucracy. Domains should be used as constructs to improve the clarity of thinking around warfighting, at least in the military world.

Addendum: When reading Joint Publication 3-13: Information Operations for this post, I saw the following figure:

It is one way to show that DoD considers Information Operations to be a much larger concept than you might consider. IO is often neglected in the “cyber” discussions, but with the ideas concerning EMS, IO might be hot again.

Tweet

Copyright 2003-2015 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Continue reading Domain Creep? Maybe Not.

Domain Creep? Maybe Not.

I just read a very interesting article by Sydney Freedberg titled DoD CIO Says Spectrum May Become Warfighting Domain. That basically summarizes what you need to know, but here’s a bit more from the article:

Pentagon officials are drafting new policy that would officially recognize the electromagnetic spectrum as a “domain” of warfare, joining land, sea, air, space, and cyberspace, Breaking Defense has learned. 

The designation would mark the biggest shift in Defense Department doctrine since cyberspace became a domain in 2006. With jamming, spoofing, radio, and radar all covered under the new concept, it could potentially bring new funding and clear focus to an area long afflicted by shortfalls and stovepipes.

The new electromagnetic spectrum domain would be separate from cyberspace, although there’s considerable overlap between the two… 

But the consensus among officials and experts seems to be that the electromagnetic spectrum world — long divided between electronic warriors and spectrum managers — is so technologically complex and bureaucratically fragmented by itself it must be considered its own domain, without trying to conflate it with cyberspace.

My initial reaction to this move is mixed. History and definitions provide some perspective.

One of the big differences between the civilian and military views of “cyberspace” has been, prior to this story, the military’s more expansive view.

The formerly classified National Military Strategy for Cyberspace Operations, published in 2006, defined cyberspace as

A domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures. (emphasis added)

The NMS-CO in a sense embedded cyberspace within EMS. That document also signaled DoD’s formal recognition of cyberspace as a domain. By associating EMS with cyberspace, DoD thought of cyberspace in larger terms than civilian counterparts. In addition to activities involving computers, now cyberspace theoretically incorporated electronic warfare and other purely military functions with little or no relationship with civilian activities.

Army Doctrine Reference Publication No. 3-0 published in 2012 introduced the term “cyber electromagnetic activities” (CEMA). It defined CEMA as

Activities leveraged to seize, retain, and exploit an advantage over adversaries and enemies in both 
cyberspace and the electromagnetic spectrum, while simultaneously denying and degrading adversary and enemy use of the same and protecting the mission command system. Cyber electromagnetic activities consist of cyberspace operations, electronic warfare, and electromagnetic spectrum operations.

This Army publication separates cyberspace and EMS, and created “CEMA” as an umbrella over both.

The more recent  Joint Publication 3-12R, published in 2013, drops explicit mention of the EM spectrum. It defines cyberspace as

A global domain within the information environment consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

With the definitions and their evolution out of the way, consider what it means for cyberspace to be separate from EMS.

In my opinion, cyberspace has always been more about the content, and less the infrastructure. In other words, it’s the information that matters, not necessarily the containers. I first appreciated this distinction when I was stationed at Air Intelligence Agency, where we helped publish Air Force Doctrine Document 2-5: Information Operations in August 1998. Page 3 states

The Air Force believes information operations include actions taken to gain, exploit, defend, or attack [GEDA] information and information systems. (emphasis added)

*Note that document doesn’t use the term “cyber” very much. When describing information warfare, it states

Information warfare involves such diverse activities as psychological operations, military deception, electronic warfare, both physical and information (“cyber”) attack, and a variety of defensive activities and programs.

In any case, the “GEDA” concept stuck with me all these years. I think the focus on the information, rather than the infrastructure, is conceptually useful. Consider: would there be “cyberspace” if it contained no information? The answer might be yes, but would anyone care to use it? It’s the information that makes “cyberspace” what it is, I believe.

In this sense, separating the physical aspect of EMS seems to make sense. However, what does that mean for other physical aspects of manipulating information? EMS seems most tangible when considering radio and other radio frequency (RF) topics. How does that concept apply to cables or servers or other devices? Are they part of EMS? Do they “stay” with “cyberspace”?

Finally, I am a little worried that a reason from creating EMS as a sixth domain could be because it is ” technologically complex and bureaucratically fragmented,” as described in the article excerpt. “Creating” a military domain should not be done to solve problems of complexity or bureaucracy. Domains should be used as constructs to improve the clarity of thinking around warfighting, at least in the military world.

Addendum: When reading Joint Publication 3-13: Information Operations for this post, I saw the following figure:

It is one way to show that DoD considers Information Operations to be a much larger concept than you might consider. IO is often neglected in the “cyber” discussions, but with the ideas concerning EMS, IO might be hot again.

Tweet

Copyright 2003-2016 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Continue reading Domain Creep? Maybe Not.