Cybersecurity and Hybrid Warfare
Warfare has changed, and so have its domain, terrain, methods and tactics. The employment of conventional hard power has given way to ‘grey-zone’ warfare.
In the grey zone, the terrain is obscure, very obscure to be precise. Everything at one’s disposal counts as a weapon. From fake news, influencers, propagandists, hackers, malware and algorithms to software code, everything is a sharp instrument in the toolbox of war.
Unlike in the ‘old world,’ it is now a near-impossible task to discern an adversary from an ally. Not only has the line between friend and foe blurred, so has the line between war and peace. This has made grey-zone war elusive, and its threshold almost impossible to define.
Not only has the terrain of grey-zone warfare become ambiguous, so have the actors. The actors in this terrain are often defined by ‘witting’ vagueness. More often than not, they have neither shape nor form. That is, the target is hindered in its ability to detect, deter, defuse, defend against and even attribute the attack.
This is deliberate, so as to blunt not only attribution, but response or retaliatory capability as well. This ambiguity and non-attribution has left the domain wide open to all kinds of actors, from the complex state-sponsored to the less sophisticated rent-a-hacker. As a result, there is a plethora of activities occurring in this battlespace, ranging from cyberattacks and influence operations to disinformation campaigns.
The objectives of the attack often vary according to the nature and character of the actor. For a state actor or state-sponsored actor, the aim is often to ‘weaken’ a perceived adversary by exploiting its vulnerabilities.
The employment of non-lethal means has seen relatively unsophisticated adversaries blunt some of our sharpest instruments of power. For example, through influence operations, they are able to shape domestic perceptions through social-media manipulation, censorship, and absolute control of popular media.
This allows their national disinformation and influence operations to freely reach their target audiences with impunity. The result is an asymmetric advantage in information warfare that is global in nature and strategic in effect.
In the cyber domain, this could involve expanding offensive cyber capabilities, while in the information domain, this could mean responding to and mitigating disinformation while simultaneously and proactively shaping the information environment.
In the recently held cybersecurity course by the US Department of State, Foreign Press Centre, it became apparent that hybrid grey-zone capability is no longer a monopoly of the state; it is also in the war chest of non-state actors.
In one of the briefings, Shane Huntley, Senior Director of Google’s Threat Analysis Group (TAG), pointed to the proliferation of government-backed threats, disinformation or information operations, and serious cybercrime.
Huntley, a former Technical Director of Network Exploitation Technology in Australian intelligence, was recruited by Google to set up TAG, which he says tracks over 270 different government-backed threat groups. TAG tracks day-to-day attacks that target users on Google platforms, including Gmail and Android.
Huntley raised concern that what started out as grey-zone hybrid capability in the hands of major world powers such as the US and China is now readily available on the open market from companies such as NSO in Israel, with its spyware, Pegasus.
In 2020, Citizen Lab managed to capture a Pegasus iMessage-based zero-click exploit used to target, and which led to the killing of, Saudi activist Jamal Khashoggi. Pegasus exploits zero-day vulnerabilities to essentially turn one’s phone into a surveillance and monitoring device. These are super dangerous exploits.
Huntley says TAG is tracking 20 different companies which are actually selling this sort of capability to actors. Based on research and findings by Project Zero, Pegasus is one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.
We understand collective cybersecurity is about trust so we do everything in our authority to be the absolute best partner possible. Hunt Operations are driven by national security intelligence but having key foreign partners to invite us to hunt on their network is a key asymmetric advantage that our adversaries don’t have.
We get to find adversaries before they compromise U.S. networks. We get to expose their tactics and malicious software while also improving the cybersecurity posture of our key allies and partners. We also get to interact with key partners who are on the front lines of the fight against nation state malicious cyber activity. These missions make us all better.
In his briefing, Major General William Hartman, Commander of the Cyber National Mission Force at U.S. Cyber Command (USCYBERCOM), stated that the Cyber National Mission Force operates across the spectrum of cyberspace to execute offensive, defensive, and information operations to proactively disrupt threats targeting the United States.
He describes these operations as “specific, targeted, and deliberate.” Having spent 33 years as an Intelligence and Cyber officer, Major General Hartman describes USCYBERCOM as the United States military cyber component, which is charged with, first, defending the Department of Defense networks; secondly, supporting joint forces in cyberspace (the Army, the Navy, the Marine Corps, Air Force, Coast Guard and Space Force); and, as its final mission, defending the American nation.
CYBERCOM provides options to the Joint Force for both defensive and offensive cyber operations in support of their larger goals through “Hunt Forward Operations.”
What is evident is that the politics-war matrix has become even more complex, since the dynamics of war are in a state of flux. War now means a range of possibilities. Sometimes, it might entail kinetic operations in conjunction with the use of non-state actors.
Sometimes, it might involve launching cyberattacks targeting critical infrastructure together with disinformation campaigns. Such avenues are extensive and so are the ways in which they may be fused or juxtaposed.