Boy, after listening to this, I am wondering if DARPA is reading the blog? I have talked about the Cyber Lance in the past, as well as Cyber Privateering and the issuance of the Letter of Marque, and the language I am hearing in this talk sounds a lot like Offense Industry talk to me. All I know is she really wanted to emphasize the complexity of the commons called cyber space, and that ‘capability’ must be explored for the defense and offense in such an environment.
What is really interesting is that Dr. Dugan is heading off to work for Google. Google would be a fantastic place to work at, to truly explore the various ways to combat cyber criminals and enemies. She would also get an inside view as to what Google thinks is the answer.
As to my commentary on the whole thing? I think I will let Sam Quint speak for me below…. lol –Matt
The honorable Sam Quint replies….
Comments Off on Technology: Dr. Regina Dugan Speaks At DARPA Cyber Colloquium, Sam Quint Reponds….
In language discussing the bill, conferees say that because there is no historical precedent for what constitutes traditional military activities in cyberspace, “it is necessary to affirm that such operations may be conducted pursuant to the same policy, principles and legal regimes that pertain to kinetic capabilities.”
This is big news, and historical. The rules and laws of kinetic war now apply to Cyber War, and this brings up all sorts of ideas. For example, will we see more Cyber Lance type activities? Maybe a US special forces team combined with civilian hackers to locate and kill/capture enemy hackers or whomever? Who knows, and who knows how these new rules will apply?
Perhaps we will see the same issues that have popped up for today’s modern wars. Especially with the hybrid of private and public forces in conflict. I say this, because the US does not have the monopoly on ‘hacking force’. If they want the best, they can try to develop that capability internally, but inevitably they will have to reach out to private companies or individuals that are experts in these fields and pay them to do it.
Here is one quote below that really perked me up. Check it out:
Since the military cannot afford to pay enough to recruit qualified software and Internet engineers for this sort of work, it has turned to commercial firms. There are already some out there, companies that are technically network security operations, but will also carry out offensive missions (often of questionable legality, but that has always been an aspect of the corporate security business.) Some of these firms have quietly withdrawn from the Internet security business, gone dark, and apparently turned their efforts to the more lucrative task of creating Cyber War weapons for the Pentagon. It may have been one of these firms that created, or helped create, the Stuxnet worm.
I read this and thought, why not just fire up the Letter of Marque and Reprisal and give these firms the legal authority and protections necessary to take part in offensive operations? The LoM is sitting right there in the War Powers clause in the US Constitution, and it just seems to me that we are missing the boat when it comes to doing this stuff. We could be legally authorizing the companies to steal funds and intellectual property from all sorts of enemies out there, and label these companies cyber privateers. (which if the military helped at all, would those commanders or the US be entitled to a cut? lol)
My other thought about all of this is when will we see a Cyber Weapon used in such a way as to actually kill like a real weapon? And with this public/private partnership we will have, we could potentially see IT Security companies build these weapons, and possibly even launch it. Just imagine if Stuxnet actually caused deaths in some weapons plant or nuclear facility? That would definitely put the ‘War’ in Cyber War. Very interesting….-Matt
America Legalizes Cyber War
December 18, 2011
The U.S. Congress approved a new law on December 14th that allows the Department of Defense to conduct offensive Cyber War operations in response to Cyber War attacks on the United States. That is, the U.S. military is now authorized to make war via the Internet. The new law stipulates that all the rules that apply to conventional war, also apply to Cyber War. This includes the international law of armed conflict (meant to prevent war crimes and horrid behavior in general) and the U.S. War Powers Resolution (which requires a U.S. president to get permission from Congress within 90 days of entering into a war).
The U.S. Department of Defense has long advocated going on the offensive against criminal gangs and foreign governments that seek (and often succeed) to penetrate U.S. government and military Internet security, and steal information, or sabotage operations. Over the past year, and without much fanfare, the Department of Defense has been making preparations to do just that.
This is very intriguing, because we just don’t know who is operating as Anonymous. It could be a legitimate group of do-gooders that want to attack the cartels, or it could be a competing cartel that wants to target the Zetas, and use the Anonymous handle to do this.
But as STRATFOR pointed out, the cartels have their own computer experts, and they will certainly hunt down any threats and make an example of them. They have already hunted down and killed reporters and bloggers, and this new threat from Anonymous will be dealt with in the same brutal and bloody way.
The other thing to remember is that the cartels have a ton of money to hire cyber lance teams. Or basically a team that can hunt people online, and kill or capture them with their armed component. I would not underestimate their ability to assemble such a team, and I am sure they already have such folks working as we speak. This will certainly be a true test of Anonymous’ OPSEC/PERSEC abilities.
This also brings up another concept that I have gone over in the past, and that is fifth generation warfare. A third possibility here, is that either an enemy of the Zetas or of Anonymous, or even of both, has put this whole thing together in order to create a ‘war’ between the two. That third party can constantly and anonymously feed both parties to make that war very bloody and costly, and that third party would benefit–and yet stay completely out of the mess. The question is, who is the third party? (Although I tend to agree with Lind that it is still too early to really define what fifth generation warfare is) But this theory would fit into some of the definitions that are floating around out there. Who knows?
Either way, we will see how this works out. I do know that with this kind of cyber warfare, there will be no limitations or niceties. Both sides will be trying to do massive harm, both online, and in reality. Although I would put my money on the Zetas for putting the lance in ‘cyber lance’. I hope Anonymous is ready to play, because this is when the game get’s very serious. –Matt
Edit: 11-08-2011, So Jester (a certain hacker that is well known for taking on Wikileaks and other folks in prime hacker fashion) has just posted a very interesting deal about this story. He just identified an individual named Barrett Brown who was behind all of this, and that the kidnapping was fabricated–all because he wanted to generate some buzz about Anonymous. The reason? To sell a book. lol Yep. Here is the quote from Jester:
Message to all. The truth of the matter is this, with Brown, it’s not about fighting Mexican injustice, it’s not about a ‘kidnapped’ Anon, it’s not even about him having a problem with the prices he has to pay to get high, it’s not about anything except him generating interest in his upcoming book.
I want to thank Matt from Facebook for bringing up this quote from Starship Troopers. I found the movie clip of the quote and it clearly shows the weakness of cyber warfare. It shows why you must have a direct action/physical security component mixed with your cyber warfare/information operations unit.
The simple reason why is that all it takes for your enemies to ruin your ‘hacking’ ventures, is for them to kill your hacker and physically destroy his equipment. To ‘throw a knife into the hand of the guy that pushes the buttons’, to paraphrase the quote up top.
Or worse, that hacker could be tortured and key information could be extracted in order to conduct a larger attack. The value of what that hacker knows (a nation or company’s secrets), or what they know how to do (hacking a nation or company), makes them a high value target.
In other words, today’s freelance hacker or even government/military hacker, is a highly valuable asset to a nation or a company. That highly valuable asset must be defended, and have a highly evolved physical and cyber offensive capability in order to compete and survive in today’s world.
So in order to deal with this new reality I have developed and defined a new term that I wanted to share with the readership. Enter the ‘cyber lance’.
Basically, a cyber lance is a combined arms team within a privateer company or military unit. Or it could be an outsourced team. The lance part comes from the french term Lances fournies, or ‘lances fournished’. Here is the definition from wikipedia.
The Lances fournies (French: “lances furnished”) was a medieval army squad that would have surrounded a knight in battle, consisting of a four to ten man team built of squires, men-at-arms (usually mounted swordsmen), archers, attendants (pages) and the knight himself. These units formed companies under a captain either as mercenary bands or in the retinue of wealthy nobles and royalty. A Lance was usually led and raised by a knight in the service of his liege, yet it is not uncommon in certain periods to have a less privileged man, such as a sergeants-at-arms, lead a lance. More powerful knights, also known as a knight bannerets, could field multiple lances.
And of course the cyber is used to refer to anything to do with the internet or computing. I particularly like this etymology of cyber from wikipedia:
By the 1970s, the Control Data Corporation (CDC) sold the “Cyber” range of supercomputers, establishing the word cyber- as synonymous with computing. Robert Trappl credits William Gibson and his novel Neuromancer with triggering a “cyber- prefix flood” in the 1980s.
What’s cool about a cyber lance, is that a company can actually define it’s size to a client. They can say ‘we have 20 cyber lances’ or ‘cyber lancers’ (whatever sounds better to the user)
The other reason why I like the cyber lance concept, is that it mixes physical security with cyber security. It also mixes physical offense, with the cyber offense. You must have one with the other as the world of cyber warfare continues to evolve. The cyber lance defines that combined arms group of hackers and shooters. The way I envision it, it could be as simple as a protective detail assigned to a hacker, or as involved as a special forces type team that does both the protection of a hacker, and conducts offensive operations based upon the information gained by that hacker. It is a fusion of the cyber and the physical, and all the potential actions that can come out of that combination.
I also like the etymology of lance corporal. If you have ever served in the Marines, you more than likely were a ‘Lance Corporal”. Although the lance part refers to lancepesade.
From the Italian lanzia spezzata, which literally means “broken lance” or “broken spear”, but which was used to denote a seasoned soldier (the broken spear being a metaphor for combat experience, where such an occurrence was likely).
Or if you have ever heard of the term ‘free-lance photographer’ or ‘free-lancer‘ (etymology- medieval mercenary warrior) , then now you know the origins of the term. I think it works pretty nicely for cyber lance. So to me, cyber lance makes perfect sense in the context of what I am talking about here.
The cyber lance is also flexible in it’s usage. They could be all military units, or a private cyber lance contracted out to the government or companies. A cyber privateer or cyber pirate company would have several groups of cyber lances as an organizational idea. Each cyber lance is just a unit or term to describe this hardened ‘hacker team with teeth’. It also goes back to the idea of combined arms, or mutually supporting groups within a unit. This concept is very much a part of the building snowmobiles mindset.
Combined arms is an approach to warfare which seeks to integrate different branches of a military to achieve mutually complementary effects (for example, using infantry and armor in an urban environment, where one supports the other, or both support each other). Combined arms doctrine contrasts with segregated arms where each military unit is composed of only one type of soldier or weapon system. Segregated arms is the traditional method of unit/force organisation, employed to provide maximum unit cohesion and concentration of force in a given weapon or unit type.
A cyber lance also promotes the idea of ‘team’, as opposed to an individual. I believe cells or teams are far more capable for the attack and defense, as opposed to just an individual. The security of a nation or company, or the prosecution of that nation or company’s best interest would best be placed into the hands of a team, as opposed to just one individual. Primarily because teams would actually have the ‘teeth’ necessary to capture or kill ‘individuals’, or defend against an attacking force. A cyber lance could also be attacked by a cyber lance, or a group of cyber lances that would make up a cyber privateer company.
Another key component of the cyber lance is it’s ability to work within the borders of another country or navigate the complexities of the commons called cyber space. A small team can be surgical and have a light foot print. It also falls in line with the concepts of netwar, and offense industry which was a past building snowmobiles post.
Finally, as hackers become more valuable and more capable, it will be of national interest to protect these assets. The cyber lance could very well be the next chapter or paragraph in the world of combined arms and cyber warfare. It will also take the combination of the hacker’s mind and the tactical and strategic thinking of a special operations team to think of all the ways a cyber lance could be used for the defense or offense. The end result could lead to the destruction of a nation’s key national security assets, or the preservation of a nation’s vital national security assets. That is what makes a cyber lance a very important and lethal building snowmobiles concept. –Matt