C-522 (2)
Module 2 Memo: Intro to Networks, . . . Part I 24 Jan 19/DEHWebber
Module 2 readings discuss the beginnings of cyberspace, introducing basic cyber con- cepts as a foundation for later discussions on some of the “wicked” problems that have emerged over the last 30 years.
A Brief Summary of Key Points Singer/Friedman wrote their book to fill a knowledge gap in Cyber. They do not feel that
most people, in any profession, truly understand how much Cyber impacts everything. More alarming, is finding a common language or set of definitions that fosters intelligent conversations and decisions regarding cyber has been a significant challenge internationally. Pipes, “cyber- stuff”, tubes—this is the type of vocabulary used in early attempts to discuss cyber and the latest attempts, while much improved, still leave gaps. Singer/Friedman provide a short history of the internet and how it works (p. 16-33; Blum, Tubes, a recommended reading for this course is also an excellent source on this topic), before laying out definitions that help shape cyber discussions.
Both Reveron and Singer/Friedman provide definitions of cyberspace. The US Depart- ment of Defense (in 2008), published a cyberspace definition, “the global domain within the in- formation environment consisting of the interdependent network of information technology in- frastructures, . . .” (Singer/Friedman, p. 13) which was perhaps too detailed to be useful. Singer/ Friedman’s definition is simpler, but still capture multiple dimensions of cyberspace: “the realm of computer networks (and the users . . .) in which information is stored, shared, and communi- cated online.” They include as part of that definition specific features of that realm, including cyberspace as: an information environment that is both physical and virtual; a man-made envi- ronment with a cognitive element in addition to its physical and virtual elements; not stateless or a ”global commons” (this refers to unowned natural resources such as the oceans); an entity comprised of users and infrastructure associated with nations; an environment with all three ele- ments/dimensions constantly evolving (p. 13-14).
Singer/Friedman point out that security can be viewed in terms of the “CIA triad”—Con- fidentiality, Integrity and Availability. In other words: Are you able to keep your private infor- mation private (confidentiality), your data and systems safe from compromise and unwanted al- terations (integrity), and to use your data and systems as, and when, intended (availability)? Re- silience is another key aspect of security Singer/Friedman address: can your systems survive an attack? (p. 34-35) Singer/Friedman provide quick examples of threats (Citigroup attack resulting in financial fraud; RSA attack resulting in theft of RSA’s intellectual property; and Stuxnet) and vulnerabilities (social engineering such as “phishing;” use of poor or default passwords on a sys- tem; or software vulnerabilities (such as coding errors or weaknesses, malware) (p. 37-45). These authors discuss cyber defense, but readily admit that people are the weakest security link.
While most have personal and professional (industry) equities in cyber, national security is a great concern as well. Additionally, those concerns drive governments to establish policies and regulations designed not only to protect citizens’ interests, but also to protect governmental interests in national security. Reveron’s opening chapter “considers current and future threats in cyberspace, discusses various approaches to advance and defend national interests in cyberspace, contrasts the US approach with European and Chinese views, and posits a way of using cyber capabilities in war” (p. 4). Reveron sees cyberspace as a “fifth dimension” — a virtual world that increasingly becomes an extension of our physical world. He notes that policy and law fall short
Module 2 Memo: Intro to Networks, . . . Part I 24 Jan 19/DEHWebber
of protecting citizen and national interests from a variety of bad actors, including intelligence sources, criminal groups, hackers, hacktivists, disgruntled insiders and terrorists (p. 9-12). Final- ly, Reveron opens the discussion on cyber and war, observing the capabilities and doctrine for cyber war are still developing (p. 13-16).
The two Economist articles, Computer Security is Broken . . . and Crooked Timber of Humanity address both the broad scope of cyber problems as well as their nature. The Crooked Timber of Humanity reminds us that many of the issues we will address in this course are not re- ally new issues, but rather old issues in a modern setting.
Comments on key points (Agree, Disagree? Why or Why not?) The DoD cyberspace definition, while providing an accurate list of the components of
cyberspace, left many asking “so now what?” How do we operationalize—make that definition usable—in a global environment? Definitions, cyber terms in general, are not universal, though persistent attempts have been made to standardize them. The lack of standardization makes it dif- ficult for problems to viewed globally through the same lens and ultimately more challenging to resolve.
As Singer/Friedman point out, the constantly evolving nature of cyberspace has seen cy- berspace transform from an information resource (electronic encyclopedia?) to an eCommerce platform (shopping!) to an integral part of national critical infrastructure (it drives banking, pow- er and other utilities, agriculture, etc.). Reveron also notes that national security is shaped by global cyberspace capability and their ability to impact national interests. Read any newspaper or journal and it would be difficult to find writers who would disagree.
Singer/Friedman discuss threats and vulnerabilities but spend most of their discussion on Advanced Persistent Threats (APT) involving adversaries While there are a number of threats and vulnerabilities that could negatively impact individuals and businesses, they do not represent the focused, well-resourced and determined effort presented by APTs which are becoming an in- creasingly larger problem for business and nation states.
What issues and questions are raised by these readings? As information travels across international boundaries, who owns it? Who governs it?
The originator or the “sovereign” of the physical space in which it rests or passes through? Do words (definitions) matter? If we are not speaking the same cyber language and do
not have the same reference points, how does the international community reach agreement on appropriate solutions to resolve or prevent conflict?