About this book

Understand the challenges of implementing a cyber warfare strategy and conducting cyber warfare. This book addresses the knowledge gaps and misconceptions of what it takes to wage cyber warfare from the technical standpoint of those with their hands on the keyboard.

You will quickly appreciate the difficulty and complexity of executing warfare within the cyber domain. Included is a detailed illustration of cyber warfare against the backdrop of national and international policy, laws, and conventions relating to war.

Waging Cyber War details technical resources and activities required by the cyber war fighter. Even non-technical readers will gain an understanding of how the obstacles encountered are not easily mitigated and the irreplaceable nature of many cyber resources.

You will walk away more informed on how war is conducted from a cyber perspective, and perhaps why it shouldn’t be waged. And you will come to know how cyber warfare has been covered unrealistically, technically misrepresented, and misunderstood by many.

What You’ll Learn

Understand the concept of warfare and how cyber fits into the war-fighting domain

Be aware of what constitutes and is involved in defining war and warfare as well as how cyber fits in that paradigm and vice versa

Discover how the policies being put in place to plan and conduct cyber warfare reflect a lack of understanding regarding the technical means and resources necessary to perform such actions

Know what it means to do cyber exploitation, attack, and intelligence gathering; when one is preferred over the other; and their specific values and impacts on each other

Be familiar with the need for, and challenges of, enemy attribution

Realize how to develop and scope a target in cyber warfare

Grasp the concept of self-attribution: what it is, the need to avoid it, and its impact

See what goes into establishing the access from which you will conduct cyber warfare against an identified target

Appreciate how association affects cyber warfare

Recognize the need for resource resilience, control, and ownership

Walk through the misconceptions and an illustrative analogy of why cyber warfare doesn't always work as it is prescribed

Who This Book Is For

Anyone curious about warfare in the era of cyber everything, those involved in cyber operations and cyber warfare, and security practitioners and policy or decision makers. The book is also for anyone with a cell phone, smart fridge, or other computing device as you are a part of the attack surface.

Table of Contents

Chapter 1. Cyber and Warfare

Abstract
There is an awful lot of hype and confusion surrounding the concept of cyber warfare. It is certainly a term that has gained traction recently in the media and in military and government discussions. As ambiguous as the term cyber is itself, cyber warfare seems to suffer from even more variance and mischaracterization in its definition, doctrine, and implementation. Fortunately, I believe that in understanding warfare and cyber separately we can societally come to a more standardized and widespread acceptance of what it means to defend ourselves in a cyber war, conduct cyber warfare, and perhaps globally define what is and is not acceptable in such conflicts.
Jacob G. Oakley

Chapter 2. Legal Authority

Abstract
Title 10 and Title 50 of the US Code are legal documents that outline the responsibilities of the Department of Defense (DoD) and Intelligence Community (IC), respectively. These two documents—with regard to war itself and cyber warfare specifically—are often poorly understood, misrepresented, and incorrectly cited. The intense interest and scrutiny in these documents is related to the legal authority they endow and the manner and responsibility for oversight of actions within that authority. I will do my best to efficiently summarize the importance of these documents to the warfighter and to cyber warfare itself as well as covering a third type of activity in covert action. I will also attempt to establish a fairly reliable line where activity must be done in the constraints of one title or another. I will further discuss examples of how this affects technical aspects of cyber warfare.
Jacob G. Oakley

Chapter 3. Cyber Exploitation

Abstract
When people generally speak of cyber-attacks or cyber warfighting, the onus typically seems to be on the end effect of the attack. This is understandable as the attack portion of cyber-attacks is usually a cyber-physical effect that even non-technical people can understand the impact of. When a cyber-attack can take control of a vehicle’s braking and steering, for instance, the cyber-physical effect of the attack is what makes the news. To the non-technical, losing control of their vehicle is highly relatable. Whereas the hackers among us are more interested in how the vehicle controlling code was delivered to the vehicle and how it was able to take over those computing functions. The term cyber-attack is commonly conveyed and interpreted as the entire process of bringing the attack end effect to bear on a system. In actuality the process involves cyber intelligence gathering or reconnaissance, cyber exploitation, and then ultimately a cyber-attack effect.
Jacob G. Oakley

Chapter 4. Cyber-Attack

Abstract
Cyber end effect activities fall into the two categories of cyber-reconnaissance for intelligence gathering and cyber-attacks. The previously discussed activity of cyber exploitation is necessary in many cases to enable intelligence gathering and is always necessary for cyber-attacks. Some might argue that exploitation is not always needed to attack another system and that they could do things like denial-of-service attacks, sending so much traffic that the remote system cannot keep up and fails in some way. If we revisit our definition of exploitation though, and its purpose of manipulating the target system to cause behavior that benefits the attacker, we can see how attacks are in fact exploitation. If I am sending too much traffic for a routing system to handle and it fails over into an open state, allowing all traffic, or even if it just shuts down or stops processing traffic from other senders as well, then I have manipulated that system to behave in a way I wanted, which means I exploited it.
Jacob G. Oakley

Chapter 5. Cyber Collection

Abstract
The last cyber activity involved in waging war within the cyber domain is intelligence gathering, which is integral to the success of any military operation. Whether it is done to support a Title 10 military operation or general national defense purposes supporting situational awareness, intelligence gathering is strictly a Title 50 effort. Unlike cyber-attack activity, intelligence gathering does not always rely upon cyber exploitation as an enabler.
Jacob G. Oakley

Chapter 6. Enemy Attribution

Abstract
Attribution in the cyber sense is the act of tying together cyber activities based on their attributes to determine that they are coming from the same actor. To make this a relevant effort in cyber warfare, we must take attribution a step further if possible and identify the actual entity the attributed actor represents. If you think about all the authority and legality required to wage cyber warfare, it could not realistically be done unless attribution is taken to its full conclusion and an actual enemy is identified. Even then, just because an enemy has been identified does not mean the action attributed to that enemy is an act of war. A graphical representation of the attribution process is shown in Figure 6-1.
Jacob G. Oakley

Chapter 7. Targeting

Abstract
Successful completion of the attribution process is done via a positive identification of the perpetrating actor and infallible determination of that actor’s motivation. If that motivation is deemed to be a cyber-attack, by open acknowledgement of irrefutable proof, we have established that we have an enemy. This enemy is one that is engaged in warfighting activity, targeting us, within the cyber domain. At this point that enemy must be considered as being openly engaged in conflict with our own state. As such, responses to the enemy state’s cyber-attack could be from or within any combination of warfighting domains. It might be appropriate to ignore, sanction, respond in kind, or escalate to something such as a kinetic capability like a missile or bomb. For the purposes of this book, we will not attempt to weigh out appropriate non-cyber responses to cyber-attacks of enemy states. Instead I will outline how a cyber response action could actually be conceived and executed.
Jacob G. Oakley

Chapter 8. Access

Abstract
With the target determined and the desired end effect decided, the cyber-attack mission is considered scoped. Deciding on the target is only the strategic half of a cyber-attack mission. On the tactical side, there needs to be a determination on how to deliver the desired effect against the target and in most cases that requires the establishment of some level of access to the enemy system. Access in the cyber domain is the placing of an attack effect in such a place that it can adequately execute its mission against the target. In some cases, the target may have an address on the open internet in which case access may simply be any other internet-connected device. In others, access may be having privileged access to a device in the same organization as the target. Access can also be more stringent; some attack tools may require almost no latency between the device where it is executed and the target and require an access adjacent to the target on the same network segment. There is also the possibility that the attack effect needs to be placed on the actual system it will affect, in such cases operations to gain access to an attack position take the mission right to the intended target.
Jacob G. Oakley

Chapter 9. Self-Attribution

Abstract
Earlier we covered enemy attribution and the process of attribution by which indicators of compromise eventually lead to identification of an actor and its potential motivation so that appropriate responses can be directed at strategic targets. Conversely, self-attribution is something that is typically avoided, especially when it is unintentional. Self-attribution happens when any portion of the attribution process yields an indication of perpetrated cyber activity. When a victim attempts to complete attribution of actors conducting cyber warfighting activity within its networks, the focus is on fully attributing that enemy such that responses can be responsible and appropriate. Where self-attribution is concerned, each phase of the attribution process can have huge impacts on the ability of the perpetrating party to continue to carry out warfighting activity in the cyber domain.
Jacob G. Oakley

Chapter 10. Association

Abstract
In an age of interconnectivity and within a domain of cyber centered around the internet, it should be no surprise that cyber domain activities are nearly incapable of crossing or interacting with devices belonging to neither the aggressor nor victim state in any cyber warfighting activity. In most imaginable cases, the internet or World Wide Web plays a key role in the conduct of cyber domain actions. The term internet itself belies the origin of its creation for internetworking, and the Web in World Wide Web is a simple and powerful indicator to the messiness in cyber communication paths. The internet revolves around a lack of regulation and singular ownership, where devices owned by organizations and individuals all across the world communicate in common protocols.
Jacob G. Oakley

Chapter 11. Resource Resilience

Abstract
There are many diverse resources that coalesce into a warfighting effort within the cyber domain. For strategic and tactical decisions to be made regarding cyber activity and its impact on larger warfare or even individual missions, those resources need to be readily available and at the disposal of commanders and combatants alike. The resilience of these resources in the face of many challenges and obstacles is critical to cyber warfare. The sheer amount of resources that could be leveraged in war even within the cyber domain is limited only by the imagination; however, we will stick to common and easily understood resources which are generally categorized into being either operational resources, support resources, or personnel-based resources.
Jacob G. Oakley

Chapter 12. Control and Ownership

Abstract
We have established various resource types involved in cyber warfare and their importance to the success of the warfighter and the effectiveness of commanders and decision makers. We will now cover the concepts of resource control and resource ownership as well as their uniquely amplified impact in the cyber domain. The threats to resilience and mitigations to them covered in this chapter cover for the most part threats posed to cyber warfare resources by the operating environment and defensive capabilities of the enemy and industry security apparatus. Loss of resource control and ownership are exceedingly more dangerous to the mission at hand and to overall success of waging a cyber war and represent loss of capability containment and potential damage to innocent non-combatant individuals and systems. Loss of control and ownership also potentially lead to state-developed capabilities being brought to bear against itself or its allies by enemy targets.
Jacob G. Oakley

Chapter 13. Challenges

Abstract
Chief among the challenges faced by those wishing to conduct warfare within the cyber domain are the misconceptions that lead to ill-informed policy, planning, and execution regarding cyber activity. Misconceptions surrounding cyber warfare stem from essentially two causes. One reason for many misconceptions is a lack of technical understanding for what is actually involved in carrying out warfighting actions within the cyber domain. The other reason that cyber warfare is generally misunderstood or misrepresented is that most individuals, even in the military and government, do not adequately understand the authorities, definitions, and legality which are involved in warfare in general and specifically how they apply to the cyber domain of warfighting.
Jacob G. Oakley

Chapter 14. Contemplation

Abstract
This book has hopefully been a journey to a deeper understanding of cyber warfare, what it actually means, and what real technical and non-technical challenges would be faced in the process of carrying out warfighting actions in the cyber domain. Now that we know how it really works, I think it is worth exploring the question of, should it work?
Jacob G. Oakley