Cyberspace and 4th Generation Warfare – A Marriage of Convenience

In 1989 a group of US military analysts including William S. Lind, decided to conveniently ignore the rest of world history and look at evolution in armed conflict starting at a mere 100 years before the inception of the United States. Any biologist worth his salt will tell you that this is too small a sample to take an accurate measurement of such a lengthy ordeal as evolution, but for this article’s sake I will digress.

The resultant work of this team was published in the US Marine Corps Gazette and revolved around a ‘generational’ view to warfare, in which each evolution – dubbed a Generation – had distinct characteristics particular to that generation. In their article they describe four generations. The following definitions were gleaned from Wikipedia:

First Generation: tactics of line and column; which developed in the age of the smoothbore musket. William S. Lind (2004) explains the generations of war as the First Generation beginning after the Peace of Westphalia in 1648 ending the Thirty Years’ War and establishing the state’s need to organize and conduct war. 1GW consisted of tightly ordered soldiers with top-down discipline. These troops would fight in close order and advance slowly. This began to change as the battlefield changed. Old line and column tactics were now suicidal as the bow and arrow/sword morphed into the rifle and machine gun (Lind 2).

Second Generation: tactics of linear fire and movement, with reliance on indirect fire. This type of warfare can be seen the early stages of WWI, where there was still strict adherence to drill and discipline of formation and uniform, but the dependence on artillery and firepower to break the stalemate and move towards a pitched battle.

Third Generation: tactics of infiltration to bypass and collapse the enemy’s combat forces rather than seeking to close with and destroy them; and defence in depth. The 3GW military seeks to bypass the enemy, and attack his rear forward, such as the tactics used by German Storm Troopers in WWI against the British and French in order to break the trench warfare stalemate (Lind 2004). These aspects of 3GW bleed into 4GW as it is also warfare of speed and initiative. However, it targets both military forces and home populations.

Fourth Generation:  tactics generally revolve around unconventional warfare, often seen as terrorist activities or Insurgency. The conflict itself is characterized by a blurring of the lines between war and politics, soldier and civilian, often leading to long and drawn out conflicts. In terms of generational modern warfare, the fourth generation signifies the nation states’ loss of their near-monopoly on combat forces, returning to modes of conflict common in pre-modern times. The simplest definition includes any war in which one [or more, ed.] of the major participants is not a state but rather a violent non-state actor.

The article was heavily debated on its accuracy, especially when considering the rest of world history. Certain forms of warfare had always existed and seem more dependant on the intelligence of the Generals fighting the war than it does on technology or ‘modernity’. For instance it can be argued that Maneuver Warfare -or 3d generation- was used with great success by conquerors such as Alexander the Great (356 – 323 BC) when he deployed his cavalry in a flanking maneuver.  Additionally we can see 4th generation warfare (4GW) in the rise of Spartacus in ancient Rome, where he (a non-state entity) made war with the Romans. Nevertheless the theory made one point that is of particular application to Cyber Warfare: A blurring of the lines between Soldier and Civilian. Everyone can start a war through cyberspace. War is no longer the sole province of Nation States.

(more…)

Dutch government to design Cyber Defence doctrine

Cyber WarfareIn the past I’ve always said that the Dutch government needs to do more in the area of Cyber Warfare / Cyber Security because there didn’t seem to be too much going on. Our Defence department didn’t post anything about starting up a Cyber Command, nor was there any government activity to be seen. However, though it wasn’t easy to find, there does finally appear to be some movement on the horizon.

During a meeting about the 2010 Defence budget, members Knops (CDA), Voordewind (CU) and Eijsink (PVDA) established that there was no mention of Cyber Warfare in the budget. They note that Cyber Warfare is an issue of great concern, and submitted motion 32 123x nr. 66 (in Dutch) to start interdepartemental development of a Cyber Security Strategy and urges The Netherlands to start actively participating in NATO initiatives on the subject.

In a letter by the Minister of Defence (again in Dutch), Eimert van Middelkoop acknowledges that rapid developments in technology have also led to certain threats such as cyber crime and cyber warfare. He describes what is understood by the term Cyber Warfare and how it relates to his department, along with how various other ministries also have responsibilities regarding cyber security issues.

A brief overview:

  • Interdepartmental coordination of Cyber Security in general is handled by the Ministry of the Interior through the National Security Program;
  • Cyber Crime is handled by the Ministry of Justice;
  • Cyber Terrorism falls under the National Coordinator of Counter-Terrorism (NCTb);
  • Cyber Defence is a shared responsibility between the Ministry of Defence and the Ministry of the Interior;
  • National Critical Infrastructure is handled by the Ministry of Economics

Minister van Middelkoop asserts that commercial parties also have a role to fulfill in the development and implementation of a cyber security strategy, to which I can only wholeheartedly agree. The next paragraph of this most clarifying letter confirms the existance of the Defence departments’ own CERT (DEFCERT), and its responsibilities towards defending its networks. In a separate letter he mentions that DEFCERT is growing and is expected to be fully operational in 2012.

Probably the most important information that can be obtained from this letter is in the final paragraph. It contains The Netherlands’ intentions in this area, which resemble those of Great Britain:

  • Creation of a Cyber Defence doctrine and implementation of a strategy;
  • Development of a Cyber Incident Responce strategy;
  • Investigation of Cyber Intelligence Gathering and the legal ramifications thereof;
  • Establishment of bilateral communications and best practices with NATO and the CCDCOE in Tallinn, Estonia

Compared to what has been released by the Dutch government on this topic, its a lot of information that suddenly became available. As a concerned Dutch citizen, I am very happy to see that this threat is finally addressed. With the dependency on technology growing every day, cyber security will continue to grow in importance along with it. If we do not work towards creating a safer cyberspace now, the consequences could be dire.

“Threat of cyber war is overhyped” – Bruce Schneier

Bruce SchneierThis month’s Ostrich Award would have to go to Bruce Schneier for his opinion piece on CNN.com. In it, he states that he’s seeing  a power struggle in the US government about who’s in charge of Cyber Security. In a surprizingly anti-establishment departure from his normally so levelheaded approach, he surmises that there’s some kind of goldrush going on that the Military is winning. By continuously beating the war drums, says Schneier, the Internet may become militarized and we can infer by this rhetoric that “citizens lose” when that happens. However: what he’s really seeing is the various branches of the armed forces rushing to finally defend the networks they were already supposed to be defending.

His article quotes people like Richard Clarke, General Keith Alexander and NSA Director Mike McConnell whom, according to Schneier, have all been actively hyping the dangers of cyber war just to get a leg up for their respective agencies. In a dangerous demonstration of sticking one’s head firmly in the sand, he goes on to point out that what we’ve seen so far is nothing but a little cyber espionage and little kids playing ‘hackerz’ on the internet. Sadly, by doing so he is dismissing the overwhelming evidence out there of the state-level involvement by multiple countries with the planting of logic bombs in national power grids (not just in the US) to what is seen by the military as ‘preparing the battlefield’. He also essentially dismisses cyber espionage being an act of war because we can’t properly attribute it, even though we’re seeing a massive exfiltration of data in virtually all fields (military, commercial and political). No reasonable person would consider it a minor infraction if this had been done by spies in the field – attributed or not. Apparently, the fact that its ‘only digital’ espionage makes it harmless.

Schneier concludes that this whole beating of the war drums reinforces the notion that we’re vulnerable. Well Yes Bruce, have you considered that this might be that its because you are? Really, you should do a little more research about discovered breaches into armed forces networks (SIPRNET et al) and critical infrastructure networks before writing this stuff. There are tons of articles out there that would further discredit your opinion piece on CNN. You could also go ahead and pick up a few books like Richard Stiennon’s Surviving Cyber War or Jeffrey Carr’s Inside Cyber Warfare. Hell, even Richard Clarke’s Cyber War contains some interesting stuff that you can actually go out and validate yourself.

If nothing else, you could go by the notion that if something is possible, you can bet that someone is doing it.