Cyber Capacity and Counterproliferation: Determining a Cyber ...
Cyber Capacity and Counterproliferation: Determining a Cyber Command & Control Structure for U.S. Covert Counterproliferation Action
Christopher L. Conklin PROJECT ON NUCLEAR ISSUES 2012 SUMMER CONFERENCE LOS ALAMOS NATIONAL LABORATORY
Cyber Warfare or Covert Action: Decision Calculus Presidential Directive Military Operation
US Code (USC)
Covert Action (CA)
Title 10
Dept. of Defense/NSA
Title 50
Timeframe
Act of War
CIA: EO 12333
Congressiona l Authorization
Timeframe
Finding
Congressiona l Notification
Cyber ‘Activity’ = ? Espionage: “IC shall collect information concerning, and conduct activities to protect against…proliferation of WMD.” Executive Order 12333
Act of War: Covert Action: “An activity of the USG to influence political, economic, or military conditions abroad.” 50 USC §413b(e)
“Any act occurring in the course of…armed conflict between military forces of any origin.” 18 USC § 2331 4(c)
Title 10 vs. Title 50 Title 10 – Dept. of Defense Warfare
Armed Attack (?) Physical Damage Immediate destruction of property = an ‘Act of War?’ Congressional
Authorization* Conflict lasts > 60 days 50 USC 1541-1548
NSA/CIA: All of the Above?
Title 50 – Intel. Community
Espionage Intelligence Collection
Flame, Duqu
Sabotage &
Disruption
Ex. - Employing cyber CA as method of damaging centrifuges
Cyber Covert Action: Title 50 Why Title 50?
Examples Covert Action:
Espionage:
Stuxnet
Flame, Duqu
Sabotage ≠ ‘Act of War’
Intel. Collection*
EO 12333, 1.7a(4) – “No agency except the CIA may
conduct any covert action…”
“Unless the President determines that another agency is more likely to achieve a particular objective.”
Physical damage =/≠ ‘Use of Force? “W.32.Flamer: Enormous Data Collection,” Symantec Official Blog, 4 June 2012: W32.Duqu: “The Precursor to the Next Stuxnet,” Symantec Security Report, 24 October 2011
‘Use of Force’ Continuum Psychological Operations
Nuclear Weapon Bin Laden Raid
Drone Strike
Kinetic Damage
Cyber Attacks
Cyber Capabilities • Targeted Killings – No* • Destroying Infrastructure - Yes
Defining Cyber ‘Use of Force’ Key Issues Non-lethal* Physical damage without kinetic strike Sabotage Wiping a hard drive
No physical damage
Centrifuges
Kinetic destruction
Are they the same? Gray area
Photo Credit: Press TV
Cyber Covert Action & Drone Strikes: Title 10/50 Gray Area Similar Issue Both Presidential directives New forms of weaponry Interplay
Department/Agency Cooperation
Primary Differences Targets Use of Force scale
Questions With Both Operational Control
Crux of the issue
Oversight
Photo Credit: Charles McCain, MQ9 Reaper Drone in Afghanistan 2007: Flickr
Cyber: Unique Title 10/50 Problems Dual-Use Intel. extraction Sabotage Timeframe Oversight Difficult to guarantee
Dual-Use
Offensive Duration
Operational Uncertainty
Uncertainties Spread of weapon across air gaps Efficacy of sabotage may be unknowable*
IAEA Safeguards
* Source: William A. Owens, Kenneth W. Dam, and Herbert S. Lin, “Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities,” National Resource Council: Committee on Offensive Information Warfare, 2009
Issues to Consider: Cyber Covert Action Is cyber counterproliferation limited in scope to
sabotage?
2008 vs. Today Today vs. 2016
Operational Chain of Command Cyber weaponry can be infinitely faster than kinetic weaponry* Operators must be given freedom to maneuver in such an environment
Generals & Sergeants
Attribution Huge problem, perfect for covert counterproliferation action Plausible deniability Billy K Rios, “Sun Tzu was a Hacker: An Examination of the Tactics and Operations from a Real World Cyber Attack,” Grey Logic, accessed 17 June 2012
Conclusions: A New Breed of Weaponry Cyber CA – Title 50 Does it matter? Cyber Capabilities Covert Action ≠ Warfare ≠ Espionage Stuxnet ≠ Flame/Duqu What constitutes ‘force?’ Determining a threshold
When does a cyber covert action become an act of cyberwar?
More questions than answers Suspected Nuclear Site: Qom, Iran, Podknox, Flickr
Christopher L. Conklin PROJECT ON NUCLEAR ISSUES 2012 SUMMER CONFERENCE LOS ALAMOS NATIONAL LABORATORY
Cyber Warfare or Covert Action: Decision Calculus Presidential Directive Military Operation
US Code (USC)
Covert Action (CA)
Title 10
Dept. of Defense/NSA
Title 50
Timeframe
Act of War
CIA: EO 12333
Congressiona l Authorization
Timeframe
Finding
Congressiona l Notification
Cyber ‘Activity’ = ? Espionage: “IC shall collect information concerning, and conduct activities to protect against…proliferation of WMD.” Executive Order 12333
Act of War: Covert Action: “An activity of the USG to influence political, economic, or military conditions abroad.” 50 USC §413b(e)
“Any act occurring in the course of…armed conflict between military forces of any origin.” 18 USC § 2331 4(c)
Title 10 vs. Title 50 Title 10 – Dept. of Defense Warfare
Armed Attack (?) Physical Damage Immediate destruction of property = an ‘Act of War?’ Congressional
Authorization* Conflict lasts > 60 days 50 USC 1541-1548
NSA/CIA: All of the Above?
Title 50 – Intel. Community
Espionage Intelligence Collection
Flame, Duqu
Sabotage &
Disruption
Ex. - Employing cyber CA as method of damaging centrifuges
Cyber Covert Action: Title 50 Why Title 50?
Examples Covert Action:
Espionage:
Stuxnet
Flame, Duqu
Sabotage ≠ ‘Act of War’
Intel. Collection*
EO 12333, 1.7a(4) – “No agency except the CIA may
conduct any covert action…”
“Unless the President determines that another agency is more likely to achieve a particular objective.”
Physical damage =/≠ ‘Use of Force? “W.32.Flamer: Enormous Data Collection,” Symantec Official Blog, 4 June 2012: W32.Duqu: “The Precursor to the Next Stuxnet,” Symantec Security Report, 24 October 2011
‘Use of Force’ Continuum Psychological Operations
Nuclear Weapon Bin Laden Raid
Drone Strike
Kinetic Damage
Cyber Attacks
Cyber Capabilities • Targeted Killings – No* • Destroying Infrastructure - Yes
Defining Cyber ‘Use of Force’ Key Issues Non-lethal* Physical damage without kinetic strike Sabotage Wiping a hard drive
No physical damage
Centrifuges
Kinetic destruction
Are they the same? Gray area
Photo Credit: Press TV
Cyber Covert Action & Drone Strikes: Title 10/50 Gray Area Similar Issue Both Presidential directives New forms of weaponry Interplay
Department/Agency Cooperation
Primary Differences Targets Use of Force scale
Questions With Both Operational Control
Crux of the issue
Oversight
Photo Credit: Charles McCain, MQ9 Reaper Drone in Afghanistan 2007: Flickr
Cyber: Unique Title 10/50 Problems Dual-Use Intel. extraction Sabotage Timeframe Oversight Difficult to guarantee
Dual-Use
Offensive Duration
Operational Uncertainty
Uncertainties Spread of weapon across air gaps Efficacy of sabotage may be unknowable*
IAEA Safeguards
* Source: William A. Owens, Kenneth W. Dam, and Herbert S. Lin, “Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities,” National Resource Council: Committee on Offensive Information Warfare, 2009
Issues to Consider: Cyber Covert Action Is cyber counterproliferation limited in scope to
sabotage?
2008 vs. Today Today vs. 2016
Operational Chain of Command Cyber weaponry can be infinitely faster than kinetic weaponry* Operators must be given freedom to maneuver in such an environment
Generals & Sergeants
Attribution Huge problem, perfect for covert counterproliferation action Plausible deniability Billy K Rios, “Sun Tzu was a Hacker: An Examination of the Tactics and Operations from a Real World Cyber Attack,” Grey Logic, accessed 17 June 2012
Conclusions: A New Breed of Weaponry Cyber CA – Title 50 Does it matter? Cyber Capabilities Covert Action ≠ Warfare ≠ Espionage Stuxnet ≠ Flame/Duqu What constitutes ‘force?’ Determining a threshold
When does a cyber covert action become an act of cyberwar?
More questions than answers Suspected Nuclear Site: Qom, Iran, Podknox, Flickr
