The Gray Lines Between Reconnaissance, Espionage and Cyberwar
Monday, November 15, 2010
There has been a lot of discussion about cyberwar and other threats to electronic infrastructure in the past few years, but there hasn't been much basic definition of terms, especially terms that public decision makers and the general public can share.
This is one attempt to provide some basic terms that can be meaningful to both groups. Here are three terms to start the process:
1. Reconnaissance
In conventional warfare terms, this is the process of gathering information about an enemy and the terrain in which you will face him.
Most of this information is readily available; all that's needed is time and effort. In fact, there is little a defender can do to deny this information to an enemy.
In the electronic arena, reconnaissance efforts would focus on identifying potential value target systems (operating systems, ports used, etc.) and their supporting services (firewalls, DNS, failovers, etc.).
Except for the case of systems totally disconnected from the Internet, this sort of activity is inevitable and probably not worth defending against.
2. Espionage
In conventional warfare terms, this activity is the process of getting non-public or classified information (or items). It's usually illegal, but not generally a cause for a declaration of war between nations.
Discovered espionage attempts will, however, tend to cool off diplomatic relations. Electronic espionage is the logical extension of conventional means and, like their cousins, may be tolerated, sanctioned on a tit-for-tat basis, or singled out for more severe political sanctions.
The rub for most nations is that, the more they retaliate against these activities, the less able they are to use them to gather their own intelligence information.
3. Act of War
The definition of an act of war has changed over the last century. Originally, it involved the attack or occupation by one nation of another nation--its territory, citizens, commercial interests, etc.--and sometimes included a diplomatic declaration as well.
More recently, it has come to represent a tacit recognition of hostilities without an overt declaration. Democratic nations have the most difficulty with this class of activity, as their populations tend to be more involved in national decisions and may well take the situation in unintended directions.
Further complicating things recently have been the rise of nongovernmental organizations that legally transcend borders (corporations), furtively skirt national power (criminal syndicates), or even influence or displace governmental authority (most semi-successful insurgencies).
Since we currently have only a vague definition for a state of war, people will also have a hard time deciding what an act of war would look like in cyberspace, especially when nongovernmental organizations get involved.
Defining basic terms such as these only begins to scratch the surface, but attempting to make or implement policy without them is no shortcut.
Comments
Post a Comment