BN.com Gift Guide

Conquest in Cyberspace: National Security and Information Warfare / Edition 1

Paperback (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $18.30
Usually ships in 1-2 business days
(Save 47%)
Other sellers (Paperback)
  • All (10) from $18.30   
  • New (5) from $29.99   
  • Used (5) from $18.30   

Overview

With billions of computers in existence, cyberspace, 'the virtual world created when they are connected,' is said to be the new medium of power. Computer hackers operating from anywhere can enter cyberspace and take control of other people's computers, stealing their information, corrupting their workings, and shutting them down. Modern societies and militaries, both pervaded by computers, are supposedly at risk. As Conquest in Cyberspace explains, however, information systems and information itself are too easily conflated, and persistent mastery over the former is difficult to achieve.

Read More Show Less

Editorial Reviews

From the Publisher
"Libicki recognizes the grand problem in discourse on the topic of cyberwarfare: the incredible breadth of topical space....Conquest in Cyberspace is an admirable work. It covers much territory and serves the important role of provoking thought and redirecting inquiry. By crossing disciplinary boundaries, Martin Libicki has enriched our understanding of the relationship between information technology and international politics."
Chris Bronk, Journal of Information Technology & Politics
Read More Show Less

Product Details

  • ISBN-13: 9780521692144
  • Publisher: Cambridge University Press
  • Publication date: 4/16/2007
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 336
  • Product dimensions: 5.98 (w) x 8.98 (h) x 0.75 (d)

Meet the Author

Martin C. Libicki, a Senior Policy Analyst at the RAND Corporation since 1998, works on the relationship between information technology and national security. He has written numerous monographs on the subject, notably What is Information Warfare, The Mesh and the Net: Speculations on Armed Conflict in a Time of Free Silicon, and Who Runs What in the Global Information Grid. Dr Libicki is also the editor of the RAND Textbook, New Challenges, New Tools for Defense Decisionmaking. His most recent assignments at RAND have been to develop a post-9/11 information technology strategy for the U.S. Department of Justice and DARPA's Terrorist Information Awareness program, conduct an information security analysis for the FBI, investigate targeting strategies of al Queda, and assess CIA's R&D venture, In-Q-Tel. He previously taught at the National Defense University. Dr Libicki received his Ph.D. from the University of California at Berkeley in 1978.

Read More Show Less

Read an Excerpt


Cambridge University Press
978-0-521-87160-0 - Conquest in Cyberspace - National Security and Information Warfare - by Martin C. Libicki
Excerpt



1

Introduction



Despite its roots in the U.S. Department of Defense (DoD), the global Internet has primarily, although not exclusively, been an avenue and arena of peaceful commerce. With every year, an increasing percentage of the world’s economy has migrated from physical media, or older electronic media such as telephones and telegraphs, to the public Internet and to private or semipublic internets. Systems that were once inaccessible to persons off-premises, such as power plant controls, are now theoretically accessible to anyone around the world. Other hitherto self-contained networks, such as those that transferred money, are now commingled with the larger, more public networks such as the Internet or the international phone system.

   Indeed, its very success is what has turned the Internet into a potential venue of warfare. It is not only that defense systems of advanced militaries are being knit into more powerful systems of systems – thereby becoming the militaries’ new center of gravity. The real impetus is that the more cyberspace is critical to a nation’s economy and defense, the more attractive to enemies is the prospect of crippling either or both via attacks on or through it. Hackers can and do attack information systems through cyberspace.They can attack the cyberspace itself through operations against the networks that provide the basis for this new medium. Defenders thus must keep these hackers out of their systems. If hackers get in, they could wreak great damage. At a minimum they might steal information. Worse, they can make systems go haywire. Worst, they could inject phony information into systems to distort what users think they absorb when they deal with systems. Hackers might take over any machine (such as a pump) controlled by a networked computer system and use it according to their ends and not those of its owners.

   None of this requires mass, just guile. For that reason, attacks in cyberspace do not need the same government backing as attacks in older media do. Any group, or even individual, can play – even, perhaps especially, terrorists. Prior to 9/11, in fact, it was difficult to conceive of a strategic attack on the U.S. homeland by nonstate actors except through the medium of cyberspace. Such would be a bloodless attack from afar that left no traces but could cause the systems we rely on to crash mysteriously. The President’s Commission on Critical Infrastructure Protection argued in 1996 that the capability to launch such an attack did not yet exist – but given five years (that is, by 2001), it very well might.

   Perhaps needless to add, although advanced nations have more at stake in cyberspace than developing nations do, the latter are increasingly being drawn into its domain. Thus, they too are vulnerable to attacks from what are, in general, the larger and more sophisticated cohorts of hackers from the first world.

   By such means, cyberspace has joined air and outer space as a new medium of conflict.1 Granted, evidence that it has become a significant medium of conflict is sparse. This may be because the last three wars in which cyberspace could have played a role – Kosovo, Afghanistan, and Iraq, respectively – were against countries with minimal presence in cyberspace. They had little that the United States could attack, or at least attack more efficiently than conventional means already permitted it to do. So far, other countries have lacked the sophistication and will to do much damage to the U.S. use of cyberspace. But since participation in and dependence on cyberspace is growing, the odds of consequential conflict, and thus hostile conquest, must certainly be rising.

   Lost in this clamor about the threat from hackers is another route to conquest in cyberspace, not through disruption and destruction but through seduction leading to asymmetric dependence. The seducer, for instance, could have an information system attractive enough to entice other individuals or institutions to interact with it by, for instance, exchanging information or being granted access. This exchange would be considered valuable; the value would be worth keeping. Over time, one side, typically the dominant system owner, would enjoy more discretion and influence over the relationship, with the other side becoming increasingly dependent. Sometimes the victim has cause to regret entering the relationship; sometimes all the victim regrets is not receiving its fair share of the joint benefits. But if the “friendly” conquest is successful, the conqueror is clearly even better off.

   The central contention of this work is that the possibilities of hostile conquest may be less consequential than meets the eye while the possibilities of friendly conquest ought to be better appreciated. The current obsession with hostile conquest fosters a tilt toward closed systems, at least among those who have powerful systems to begin with. Those with the most attractive systems – in terms of information, knowledge, services, and reach – have an inherent advantage whose benefits they might deny themselves by concentrating on the threat to themselves. This is particularly so for the national and homeland security community (including law enforcement, homeland defense, and infrastructure). By taking a more open approach to cyberspace, they may extend their influence and the influence of their values more certainly than they would by taking a closed approach.

   In a sense, this argument echoes the distinction made by Joseph Nye between a nation’s hard power and its soft power.2 Hard power is embodied in military force, soft power in its culture. Hard power, like hostile conquest in cyberspace, ultimately entails one nation doing to another what the other would prefer it not do. It is involuntary. Soft power, like friendly conquest in cyberspace, describes the process of enticement. It is voluntary, at least at first. In the case of soft power, the elites of the affected country may find themselves unable to roll back the tide of imported cultural and economic mores without facing resistance and revolt. But rarely can one nation control or manipulate the instruments of soft power to create such a dependency; more often, it works independent of national strategy. With friendly conquest in cyberspace, however, the seducer retains part of the leverage precisely because the controls over the seductive system are not relinquished.

   Hence the choices, many of them public choices. Hence, too, the orientation of this work, one to be understood in its policy and management rather than technical context. It is aimed at educated individuals who are interested in public policy. Admittedly, issues of cyberspace can become quite technical, and so the text tries to clarify some key concepts. Cyberspace issues are not unique in that regard. It can be hard to understand, say, the pros and cons of strategic ballistic missile defense without some understanding of physics. Nevertheless, arguments about strategic defense are not entirely technical ones. Similarly, arguments about the proper use and exploitation of cyberspace are not entirely technical. Readers who happen to be information security experts may appreciate reading this or that point of view; they are unlikely to add much to their technical knowledge of their craft by reading this.



1.1 What Does Conquest Mean in Cyberspace?

This work is entitled not “The Conquest of Cyberspace” but “Conquest in Cyberspace” for a reason. To emphasize the “of ” is to suggest that there is, in fact, a cyberspace that exists in the same sense that the oceans do. It has distinct parameters and perimeters, and one can define conquest within this space. This leaves the only interesting question one of determining who has, in fact, taken possession of what part of cyberspace and how they accomplished such feats. Emphasizing “in,” by contrast, reflects the fact that while something akin to conquest can be defined for cyberspace, cyberspace itself cannot be conquered in any conventional sense.

   To understand why, it helps to understand what cyberspace itself means. Ironically, that process is best begun by discussing what cyberspace does not mean – or at least does not mean yet.

   The term “cyberspace” was coined in William Gibson’s 1984 classic, Neuromancer. The concept was further described in compelling detail in Neil Stephenson’s 1989 Snow Crash. Both portrayed it as an alternative universe that people could participate in (“jack into” pace Gibson). It may be seen, particularly in some movies, as being just on the other side of the twenty-first century’s version of Alice’s looking-glass. Cyberspace, so defined, may be evoked through a text-only medium such as a chat room, but it can also be evoked more tangibly by a virtual reality simulation in which what one sees, hears, and, to some extent, feels is all synthesized on the spot. Computer power and fat networks make this illusion easier to generate with every passing year.

   This often attractive concept should not lead one to imagine cyberspace as being the parallel universe – as if a mapping of this reality into another dimension. Four tenets suggest why cyberspace should be understood on its own merits.

   First, cyberspace is a replicable construct. Being replicable, it exists in multiple locations at once. Because it is replicable, it is also reparable.

   By contrast, only confusion can follow the unconscious assumption that there is one cyberspace in the sense that there is, say, one outer space. The existence of a single something called outer space derives from the simple fact that there is a planet earth and that every point on or above the planet has a unique location relative to it. This uniqueness is firmly rooted in physical law. The planet, for instance, has only one geosynchronous belt, and locations3 in it are carefully allocated for every satellite (of a given broadcast frequency). There is also one spectrum, uses of which are governed by international conventions such as the World Radio Conference. From a military perspective, one nation’s fleets of hunter-killer satellites can keep another country from establishing its own constellation. Control in space, can, in theory, be exclusive.

   Cyberspace, by contrast, is built, not born. Every system and every network can hold its own cyberspace – indeed, it can hold a limitless number of quasi-independent spaces. Cyberspace can appear in multiple, almost infinite, manifestations and forms. Even shared spaces can be indefinitely replicated. This is apparent, for instance, in multiplayer games (such as the Sims Online or Rise of Nations). Since the number of players in any one game is small, there have to be many of them to accommodate everyone who wants to play.

   Not only is cyberspace a construct, but the rules of cyberspace are largely constructs – there is little hard-and-fast physics of the sort that dictates what can and cannot be done in, say, outer space. What can and cannot be done in cyberspace need not follow the laws of physics or the laws of man – although violating the latter may have real-world repercussions. There is no inherent “there” there except as mutually accepted.4 Even larger games (massive multiplayer online role-playing games [MMOPRGs]) such as EverQuest or the popular South Korean multiplayer game Lineage, although more unified, exist because they have been constructed for that purpose, often a commercial one. Admittedly, some people are so hooked by these games that they actually pay real money to acquire virtual goods, useful only online.5 Yet, they are not inherently fixed; should something more attractive come along, they could be easily abandoned. Not so for outer space or the oceans; they will always be there.

   Second, to exist in cyberspace, your interactions must be recognized there. To show why, consider a distributed interactive simulation of the sort used in military training. If such a simulation is to work at all, there must be a synthetic universe into which all player attributes and actions are mapped. Supposedly, all players could factor in everyone’s moves and initial attributes in their own unique way (for example, what you see as driving, others see as flying), but inevitably the result would resemble nothing so much as the argument of children: “you’re dead,” “no, I’m not,” “yes, you are,” “no, I’m not.” So there has to be a master set of rules for any given space. Messages (that is, byte-strings) that do not accord to the rules are invariably rejected as meaningless, regardless of how earnestly or maliciously put forward. The intrusion of a third party must be reflected in a change in the game’s state; again, whether calculated centrally and broadcast or, instead, calculated individually in an identical way is secondary. Unrecognized actions or the actions of unrecognized parties do little harm except for perhaps clogging the lines. And, of course, not every player need be human; they can be machines.

   Third, some aspects of cyberspace nevertheless tend to be persistent. A few rules of cyberspace, such as the laws of cryptography, derive from mathematics. Others are artifacts of well-accepted conventions (such as TCP/IP) or reflect the dominance of certain products in the marketplace (such as Microsoft Windows). One can construct a cyberspace without them, but most information systems adhere just the same. Such rules can come from many places, such as from those who write the software or from the community that maintains the environment in which the software runs.6 So, while these rules remain constructs, they are constructs in which people have invested value.

   Certain systems, as well, are persistent. There is, for instance, only one Internet, and it has certain conventions such as a hierarchy of routers as well as a set of recognized names corresponding to a set of recognized addresses.7 But there are also internets (small “i”) that use the same ubiquitous and richly supported communications protocols as the Internet but are not connected to the Internet. There are yet others, which are connected but in ways that make it very difficult for the innocent public or not-so-innocent hackers to get into them.

   Even at a macro level, as Lawrence Lessig8has argued, cyberspace has nearly no inherent properties and only a few strong tendencies; everything else is imposed by those with the power to do so. The oft-cited aphorism that the Internet interprets censorship as network damage and routes around it has been used to imply that the inherent qualities of the Internet have made free speech inevitable in that medium. But this runs up against the real-world constraints that governments such as China have largely imposed successfully on its Web users. There is, Lessig goes on to argue, a substantial capability to express social norms, hitherto reified only in legal code, as computer code to achieve roughly the same ends. To say that cyberspace is a “commons” or a “market” presupposes some expression in cyberspace of social norms and, in some cases, legal enforcement that permits commons or markets to function in real space. It does not arise from the nature of cyberspace or always come out in the same way. For instance, EBay, the online auction site, is a global market, and there are mechanisms (for example, a global reputation registry) that work on EBay to provide other or more efficient ways of enforcing commercial norms that exist in the physical world. But supposing such markets would work absent any mechanisms and social norms whatsoever is naive.

   Fourth, cyberspace has separate layers, the conquest of each of which has vastly different meaning. Stated briefly, and discussed in much greater detail in Chapter 10, one can define three layers in cyberspace with their parallels in linguistics: the physical, the syntactic, and the semantic.9

   The physical layer – including such things as wires, routers, and switches – is the foundation of cyberspace in the tangible world.10 Conquest that takes place here could be understood in terms of physical control over the infrastructure – frustrated only by the ease with which most of the infrastructure can be replicated if necessary.

   The syntactic layer reflects both the format of information in cyberspace and how the various information systems from which cyberspace is built are instructed and controlled.11 As explained further later in this chapter, the syntactic layer can itself be divided into sublayers; one canonical model, Open System Interconnection (OSI), identifies seven of them. Control here is often a matter of mastery: Can my knowledge of the rules overcome your knowledge to get machines to do what I, rather than you, want? And who writes the rules?

   The semantic layer contains the information meaningful to humans or connected devices (for example, machine tools). Here the issue is one of influence: can I present to you a different version of reality that others take to be true?

   So, conquest works differently at different layers. Physical access (that is, connectivity) does not mean syntactic access. Syntactic access does not mean meaningful semantic access. And semantic access does not necessarily result in meaningful change in what people believe about the world or even about cyberspace.

   The layers of cyberspace may be likened to a party hall with private rooms. All these rooms are part of the same physical structure and they are mutually accessible, but that does not mean that what goes on in one room says much about what goes on in the next. To get into any one room may require a key (in cyberspace terms, knowledge of the network address and the password). Those who make their way in still have no guarantee of meaningful interchange with any of the participants. One may be simply ignored or not understood. Becoming a meaningful part of the conversation has three requirements: getting to the party hall, finding a key to the private room, and being accepted by those who are conversing. Some party rooms are better than others, in part because of better physical facilities (in cyberspace terms, faster connections, better data stores, more sophisticated support services, and so on). Some conclaves such as chat rooms are open to everyone.12 Others, such as The Well (a Sausalito-based bulletin-board system [BBS] that predated the Worldwide Web site), are by invitation only. The more desirable neighborhoods in cyberspace are often so because they are better organized with more entertaining activities and intriguing conversationalists; others are more interesting because they permit certain types of business to be done.

   Even, perhaps especially, Islamic (more technically, Salafist-Jihadist) terrorists hang out in their own neighborhoods to transact their “business.” In some cases, notably when propagandizing for the masses, seeking recruits, or distributing Web materials, these neighborhoods tend to be public. In other cases, when mooting plots among themselves, Jihadist sites are more private; access is carefully revealed to known individuals. These are not rigid or even rigidly enforced distinctions. Sites have been penetrated by researchers who have figured out how to sound like a potential terrorist.13

   It turns out that hostile conquest in cyberspace takes place largely at the physical and syntactic layers, while friendly conquest in cyberspace, because it has to do more with the exchange and encoding of knowledge, tends to take place at the syntactic and semantic layers.



1.2 Précis

The contention – that it is hard to control the world by hostile conquest in cyberspace but that the power available through friendly conquest merits attention – is developed in three parts followed by a conclusion.

   Part I deals with hostile conquest in cyberspace. It starts with the premise that information systems exist to generate information, that information is used for decisions, but that humans are the agents of knowledge and decision making.14 In other words, if one is to attack systems and so affect decisions, one must recognize the decisions are ultimately made by natural rather than artificial cognition. People, unlike computers, have a great (if not always used) capability to learn, intuit, create, and adapt. They are capable of holding what the machines tell them at arm’s length.





© Cambridge University Press
Read More Show Less

Table of Contents

List of Figures     x
Acknowledgments     xi
Introduction     1
What Does Conquest Mean in Cyberspace?     4
Precis     10
Hostile Conquest as Information Warfare     15
An Ideal-Type Definition of Information Warfare     16
Control at One Layer Is Not Control at Another     24
Applying the Ideal-Type Definition     27
There Is No Forced Entry in Cyberspace     31
Information Warfare Only Looks Strategic     37
IW Strategy and Terrorism     43
Conclusions     49
Information Warfare as Noise     50
Disinformation and Misinformation     51
Defenses against Noise     55
Redundancy     55
Filtration     57
What Tolerance for Noise?     59
Tolerance in Real Environments     60
Castles and Agoras     62
Hopping from Agoras to Castles?     64
Castling Foes     66
Concluding Observations     71
Can Information Warfare Be Strategic?     73
Getting In     75
Mucking Around     79
Spying     79
Denial of Service     80
Corruption     81
Distraction     83
Countermeasures     84
Redundancy     84
Learning     85
Damage Assessment     87
Prediction     90
Intelligence Is Necessary     90
Intelligence Alone Is Hardly Sufficient     93
Is Information Warfare Ready for War?     95
The Paradox of Control     96
Other Weaponization Criteria     97
Conclusions     100
Information Warfare against Command and Control     102
The Sources of Information Overload     103
Its Effect on Conventional Information Warfare Techniques     105
Coping Strategies     107
Who Makes Decisions in a Hierarchy?     107
Responses to Information Overload     111
Know the Enemy's Information Architecture     116
Elements of Information Culture     117
Elements of Nodal Architecture     118
Injecting Information into Adversary Decision Making     118
Ping, Echo, Flood, and Sag     121
Ping and Echo     121
Flood and Sag     122
Conclusions     124
Friendly Conquest in Cyberspace      125
A Redefinition of Conquest     126
The Mechanisms of Coalitions     128
The Particular Benefits of Coalitions     130
Information and Coalitions     131
The Cost of Coalitions in Cyberspace     136
Enterprise Architectures and Influence     142
Alliances with Individuals     148
The Special Case of Cell Phones     151
Alliances of Organizations     155
Ecologies of Technological Development     155
DoD's Global Information Grid (GIG)     159
Merging the Infrastructures of Allies     164
Conclusions     166
Friendly Conquest Using Global Systems     169
Geospatial Data     170
Coping with Commercial Satellites     175
Manipulation through Cyberspace     178
Getting Others to Play the Game     180
Some Conclusions about Geospatial Services     182
National Identity Systems     182
Two Rationales for a National Identity System     183
Potential Parameters for a Notional System     184
Constraints from and Influences over Foreign Systems     187
Compare, Contrast, and Conclude     191
Retail Conquest in Cyberspace     193
Information Trunks and Leaves     194
Where Does Cheap Information Come From?     195
Surveillance in Cyberspace     198
Making Information Global     203
Privacy     204
Amalgamating Private Information     206
Using the Information     208
General Coercion     208
Specific Coercion     209
Persuasion     211
Some Limits of Retail Warfare in Cyberspace     214
Using Retail Channels to Measure Wholesale Campaigns     215
Conclusions     218
From Intimacy, Vulnerability     220
Do the Walls Really Come Down?     220
Intimacy as a Target     222
The Fecklessness of Friends     225
Betrayal     228
Conclusions     230
Talking Conquest in Cyberspace     231
Four Layers of Communications     232
Human Conversation in Layers     232
Cyberspace in Layers     236
Complexity Facilitates Conquest     240
Complexity and Hostile Conquest     241
Complexity and Friendly Conquest     242
Semantics     245
Pragmatics      249
Lessons?     255
Managing Conquest in Cyberspace     256
Conducting Hostile Conquest in Cyberspace     257
Warding Off Hostile Conquest in Cyberspace     262
Byte Bullies     262
Headless Horsemen     265
Perfect Prevention     268
Total Transparency     270
Nasty Neighborhoods     272
Exploiting Unwarranted Influence     276
Against Unwarranted Influence     281
In Microsoft's Shadow     282
Microsoft and Computer Security     285
Conclusions     289
Why Cyberspace Is Likely to Gain Consequence     291
More Powerful Hardware and Thus More Complex Software     292
Cyberspace in More Places     294
Fuzzier Borders between Systems     297
Accepted Cryptography     299
Privatized Trust     301
The Possible Substitution of Artificial for Natural Intelligence     303
Conclusions     306
Index     307
Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)