19 December 2015

Cyber Domain: International Law of Asymmetric Warfare...

The international laws and human understanding of what crosses a "Red Line" are being defined in cyberspace in real-time.  The operations of the Chief Security Officer (CSO) and Chief Information Security Officer (CISO) are now becoming more adaptive.  The Operational Risk Management (ORM) enterprise architecture, will soon call for three standard mission functions:
  • Computer Network Attack (CNA): Includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves.
  • Computer Network Defense (CND): Includes actions taken via computer networks to protect, monitor, analyze, detect, and respond to network attacks, intrusions, disruptions, or other unauthorized actions that would compromise or cripple defense information systems and networks.
  • Computer Network Exploitation (CNE): Includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks.
 Computer Network Defense (CND) has been the norm for many organizations and now, that is no longer enough.  Yet before we can determine why we must  add CNA and CNE, we better understand the breadth and depth of the cyber realm.  The "Over-the-Horizon" view, of the reality of that domain, is rapidly developing into a proactive risk management imperative, for Global 500 organizations.  Why?

The non-state actors are organizing and evolving into what could be coined for the laymen, as a modern day "Cyber al-Qaida."  A "Cyber  Taliban."  Or even a "Cyber 1st Amendment or 4th Amendment cadre of affiliated entities.  These digital non-state actors following a set of ideologies, as opposed to a set of true investigative journalists or independent non-partisan watch dogs, are metastasizing at an exponential rate.

This ideology fueled by cyber activism and directed at a particular organization or country, is on a digital battlefield that spans the globe.  It has long been said that the Internet is nothing more than a mirror, of the good and evil in our physical world.  The existence of cyber warriors who are interested in going beyond the goal of financial crimes to kinetic destruction of critical infrastructure, is a well known fact.

Who are these cyber warriors that identify with a movement or cause, that attack the well being of other humans or destroys the property or economic assets of another organization.  They are the same ideologues that have existed long before the Internet.  The difference is that the reach, speed and ubiquitous nature of the digital medium accelerates the threat and the requirement for an effective counter balance.  Putting actual skill sets aside for a moment, the real differentiator has been on a "White Hat" or ethical warrior focus:
Regarding whether there were different rules of armed conflict for cyberwarfare in dealing with states like Iran, versus terror entities like Hamas or al­-Qaida, he first noted that while there is “no consensus,” the “US, Israel, England and others” argue that “self ­defense” principles justify attacks against terror groups, even if they are not states.  --IDF Col. Sharon Afek-- Article by Yonah Jeremy Bob
The CNA, CND and CNE operations in the digital Global 500, will now employ those individuals who have an ideology that is more directly opposed to the worldview of a "Cyber al-Qaida."  In the long war, the cyber "White Hats" will endure.  The asymmetric warfare of the next decade, will encompass operational risk professionals behind the network, who have a different context.  Why? Because they believe in a ideology far more patriotic than their predecessors.  They are the "Quiet Professionals" who have retired from SOCOM active duty and now span the ranks of the corporate private sector.

The international laws of the cyber domain are in play for our prosperity or our peril.

No comments:

Post a Comment