Skip to main content

Currently Skimming:

Categorizing and Understanding Offensive Cyber Capabilities and Their Use--Gregory Rattray and Jason Healey
Pages 77-98

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 77...
... Though many have posited notions on what a "real" cyber war would be like, we lack understand ing of how such conflicts will be conducted and evolve. Accordingly, the third main section dives into an analysis of cyber war analogies, from the well-known "cyber Pearl Harbor" and "cyber 9/11" to less discussed analogies like a "cyber Vietnam." As cyber warfare is often compared to combat in the air, both in speed and range of operations and the loudly touted strategic effects, the paper also includes an extended case study on a cyber Battle of Britain fought force-on-force in cyberspace with little relation to fielded military forces.
From page 78...
... Recognizing that understanding of cyberspace has changed, the national military Strategy for Cyber operations has put forth a military strategic framework that orients and focuses the actions of the Department of Defense in areas of intelligence, military and business operations in and through cyberspace. It defines cyberspace as "a domain characterized by the use of electronics and the use of the electromagnetic spectrum to store, modify and exchange data via networked systems and associated physical infrastructures." 4 Though cyberspace is fairly well understood as a warfighting domain there are a few key aspects that help us to better examine the role of offensive operations.
From page 79...
... Pilots can "slip the surly bonds of earth,"7 confident they will have little interaction with civilians and, if they do, the Air Forces will be in control. Nothing could be more different in offensive cyber operations.
From page 80...
... Ultimately, the inability to thoroughly plan and predict in cyberspace makes it difficult to achieve specific objectives through offensive cyber operations and seems to be one of the main brakes on more operational use of offensive operations.11 CATEgORIzINg OFFENSIvE MISSIONS Many previous attempts to categorize offensive cyber capabilities have focused understandably on what is new in the cyber domain. For example, cyber capabilities have often been categorized techni cally, such as the previous National Academy of Sciences paper12 which looked at techniques for remote access (such as botnets, penetrations, worms and viruses, and protocol compromises)
From page 81...
... CATEgORIzINg OFFENSIvE OPERATIONS Offensive cyber operations (as distinct from their missions, above) can be categorized according to a number of factors.
From page 82...
... , or something operational in between? Because of the nature of cyber space, offensive cyber operations have, like airpower, the theoretical ability to directly affect adversary centers of gravity far from his national borders and fielded military forces.
From page 83...
... The U.S. military might be most likely to initiate offensive cyber operations alongside kinetic operations while other adversaries might initiate cyber attacks early to try to gain an asymmetric advantage.
From page 84...
... Likewise, any "cyber Pearl Harbor" could be reasonably expected to have the United States not succumb to coercion and angrily respond with all elements of national power. So "cyber Pearl Harbors" can reasonably be expected to be followed by a major war, perhaps a tra ditional and kinetic war, possibly also though by a mix of major kinetic and cyber attacks (see "Cyber St.
From page 85...
... defending Initiation timing Surprise Initiation timing Surprise Initiation attack Massive Initiation attack Massive "Cyber 9/11" (or Surprise Attack by Non-State versus Civilian Targets) Though a "cyber Pearl Harbor" and "cyber 9/11" (see Table 2)
From page 86...
... It is plausible that every step of the "covert action ladder"31 could be undertaken through offensive cyber operations: propaganda (least violent and most plausibly deniable) through political activity, economic activity, coups and paramilitary operations (most violent and least deniable)
From page 87...
... However, in the future it could be that cyber conflict has an equivalent of St. Mihiel where cyber forces engage heavily, on both offense and defense, in support of more traditional military operations (see Table 5)
From page 88...
... For a more extended case study on the strategic air war over Europe and implications for offensive cyber operations, see Attachment 1. Large, Covert Cyber Conflict with Near-Peer Nation A cyber conflict need not be overt to be destructive.
From page 89...
... These actions can take a range of forms including boycotts, broadcasts, stationing warships in international waters off the coast, increasing border patrols and improving defenses, missile tests, and large-scale exercises practicing an invasion. It is possible that a nation would overtly use offensive cyber operations, kept similarly below the nebulous threshold of "armed attack," to coerce another nation (see Table 8)
From page 90...
... response was with traditional military forces, some units, such as the Special Forces, would attempt to engage the Viet Cong using guerilla-style tactics, albeit aided by more firepower and technology. 36 An analogous irregular cyber conflict might involve few large-scale incidents with large-scale effects, but a continuing string of attrition attacks seeking to erode an adversary's power, influence, and will (see Table 9)
From page 91...
... , it is neither cyber warfare nor a use of offensive cyber operations, and so will not be given significant analysis in this paper and is included here only for completeness in describing possible future cyber conflicts. However, an effective CNE campaign is likely a critical enabler of many of the types of offensive opera tions described in this paper.
From page 92...
... The ways to categorize offensive operations include adjectives typical also of modern kinetic military operations, such as whether the attack was a surprise, part of a larger campaign, or was covert or overt. Similarly, though "cyber 9/11" and "cyber Pearl Harbor" can have a deeper meaning than their popular associations, these handles can point how to apply military history and novel thinking to this new field.
From page 93...
... During the original Battle of Britain, the German objective was to invade so their original targets were ports and convoys. However, if facing more difficult defenses than expected, the offensive cyber forces might shift targets, as the Luftwaffe did in mid-August (after a month of fruitless battles in the English Channel)
From page 94...
... Even more so than in aerial warfare, cyber operations favor the attacker. Defenders can be swamped with only one attack against a critical target, and so have a steeper exhaustion curve.
From page 95...
... A cyber command center, for a cyber Battle of Britain, would present several tremendous disadvan tages compared to the RAF's Fighter Command Headquarters. In a cyber conflict, attacks may target the private sector which may be outside of the military commander's authority.
From page 96...
... FIGURE 1 The Attack Begins: Military Technical View of Cyber Warfare FIGURE 2 The Battle Is Joined: Military Technical FIGURE 3 The Battle Reaches Crescendo: Military View of Cyber Warfare Technical View of Cyber Warfare
From page 97...
... Of course, there may be combat operations in several theaters of war, either simultaneously or over the duration of a multi-year conflict, as in Figure 5. An even more overlooked aspect of cyber warfare is that the interplay of the offensive and defen sive cyber forces is likely to only be one field where the combatants compete with each other.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.