Information Warfare Arms Control: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
(Created page with "==Full Title of Reference== Information Warfare Arms Control: Risks and Costs ==Full Citation== Maxie Thom, Information Warfare Arms Control: Risks and Costs, USAF Institute ...")
 
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 9: Line 9:
* Threats and Actors: [[States]]
* Threats and Actors: [[States]]
* Issues: [[Cyberwar]], [[Government to Government]]
* Issues: [[Cyberwar]], [[Government to Government]]
* Approaches: [[Government Organizations]], [[International Law (including Laws of War)]]
* Approaches: [[Government Organizations]], [[International Cooperation]], [[International Law (including Laws of War)]], [[Deterrence]]


==Key Words==     
==Key Words==     
Line 15: Line 15:


==Synopsis==
==Synopsis==
Cybersizing LoAC
In this document, Thom considers historic arms control treaties and enforcement efforts to analyze issues related to the development of arms control regarding Information Warfare (IW) activitiesIn this article, he limits the definition of IW to actions executed by state actors during interstate conflict and warfare.   
Against the backdrop of growing rhetoric that suggests that law in inadequate or lacking entirely within the cybersecurity context, Charles Dunlap argues that the basic tenets of existing Law of Armed Conflict (LoAC) to cyber issues are currently sufficient to address important issues of cyberwar. Despite the recommendations of cyberstrategists who argue that the creation of a new legal regime designed for cyberwar is urgent, Dunlap contends that any new agreement or international norm is unlikely in the foreseeable future. Therefore, they must turn to existing legal standards.
The “Act of War” Conundrum
A fundamental concern of policymakers centers on the issue of whether or not a cyber event constitutes an act of war; the answer to this question the options available to national decision makers. If it is truly “war,” then a response under a national-security legal regime is possible; if not, then treating the matter as a law enforcement issue is appropriate.
The United Nations Charter provides for two cases in which the use of force is authorized by nation-states: (1) when the Security Council authorizes force, and (2) when a nation acts in self-defense. Regarding self-defense, Article 51 states that nothing in the Charter shall “impair the inherent right of individual or collective self-defense if an armed attack occurs.” For classifying an armed attack in the cyber realm, the leading view focuses on an effects-based analysis of a particular cyber incident, with an incident being classified as an “armed attack” if its consequences extend to at least temporary damage of some kind. 
However, in interpreting Article 51, it is important to recognize that the UN Charter governs relations between nation-states, not individuals.  For actions against individual actors, states typically requests action from the state from whose territory the cyber attack was carried outIf it becomes evident that the state is “unwilling or unable to prevent a recurrence,” the aggrieved state’s actions in self-defense are typically justified.


A State of War
The discussion begins with the different levels of credibility that various groups assign to the IW threat, and proceeds to explain how IW is securitized across the military, economic, and political domains. The author defines arms control for use in his context as the “agreement among states to regulate some aspect of their military capability or potential,” and discusses if IW arms control is a likely prospect considering the decline in the US commitment to and reliance on arms control as a mechanism to maintain national security following the end of the Cold War.  
   
 
The presence—or absence—of a state of armed conflict carries significance, because during armed conflict the actions of belligerents are usually governed by the LoAC, not the more-restrictive rules applicable to law enforcement situations.
IW is substantially different from articles previously handled by arms control treaties, and Thom illustrates these differences by describing the intangible nature of IW’s effects, the lack of clear sovereignty in the cyber domain, and the ambiguous definitions found in international law.  The budgetary considerations of IW arms control are also discussed, with an emphasis on how the decreasing arms control budget demands that arms control treaties must be cost effective to be implemented successfullyThe 1993 Chemical Warfare Conventions is used to initially model the costs of the various phases of an arms control treaty, and the author breaks the costs into six distinct phases, the Pre-Signature costs, the Ramification Costs, Post Entry into Force (EIF) Costs, Administrative Costs, Industry Costs, and Overhead Costs, all of which are analyzed individually.  
 
When a state of armed conflict exists, the rules applied to kinetic targeting (distinction and proportionality) should be applied in the cyber domain.  In regards to targeting personnel, international law permits the targeting of civilians as long as they are directly participating in hostilitiesIt may help for cyber strategists to consider what activities of the enemy they would consider so intrinsic to a particular cyber process that they would warrant targeting as a matter of military necessity.
Thom finishes by discussing the risks associated with entering into an arms control treaty, which he classifies into seven categories: International Law, Sovereignty in the Information Realm, Verification and Compliance, Defensive, Increased Kinetic Targeting, and Political.  
The risk from international law is said to arise from the increased complexity in responding to IW events when they are tied into international treaties. The risk to sovereignty stems from the possibly reclassification of some U.S. diplomatic information campaigns as IW (making them illegal).  By providing countries sovereignty over the IW realm, it may also aid certain regimes in further limiting the type of information allowed to reach their citizens. The risk from verification and compliance includes a false sense of security, the leakage of information regarding our intelligence capabilities, and increased chances of IW weapons proliferation. The defensive risk comes from not having the ability to research defensive IW limited due to the dual-use nature of IW technologyThe increased risk of kinetic targeting results from aggressors resorting to kinetically striking targets that could have otherwise been handled through IWThis may result in greater civilian casualties and longer-term losses of infrastructure following conflicts.  The political risk stems from not signing such a treaty (such as with the Ottawa Landmine Treaty) and then having greater difficulties in building coalitions with our allies.
Generally, only members of the armed forces can wage war with the protection of the “combatant privilege.”  Therefore as Richard Clark states in Cyberwar, “It will have to be . . . military personnel [who] enter the keystrokes to take down enemy systems.”  If cyber operations are conducted by unauthorized persons, their government may be in violation of the law of war.
Cybering and the Citizenry
   
Because the NSA possesses unique technical expertise in the U.S. government, it (and thus the DoD) continues to be pushed into domestic cyber activities, despite the military intelligence apparatus being designed to focus on external threats. In October 2010, a section of the NSA was placed under the DHS for domestic cybersecurity, but it seems unlikely that the DHS will be able to effectively oversee the Defense Department.
   
With the continued role of the NSA in domestic cyber defense, experts recommend requiring the NSA to obtain “independent approval . . . from the FISA court or a FISA-type court” prior to employing advanced cyber security measures domesticallyAdditionally with the authoritarian nature of the armed forces, their involvement in the domestic civilian cyber sector should be limited, as it is a space where the public rightly expects freedom and rights to flourish.


==Additional Notes and Highlights==
==Additional Notes and Highlights==
*An exchange between Charles Dunlap and Stewart Baker regarding the role of lawyers in a cyberware can be found [http://www.lawfareblog.com/2012/04/stewart-baker-v-charlie-dunlap-on-the-role-of-lawyers-in-cyberwarfare/ here (web).]
*The mission of the USAF Institute for National Security Studies (INSS) is to promote national security policy research for the Department of Defense within the military academic community, to foster the development of strategic perspective within the United States armed forces, and to support national security discourse through education and outreach. INSS is located at the USAF Academy in Colorado Springs, Colorado and was created by the Air Staff in 1992. INSS’ primary sponsor is the Strategic Security Directorate on the Air Staff (HQ USAF/A5X). Each year, several of the research products from each year are published as INSS Occasional Papers and as articles in journals.
 
*A video of Major General Charles Dunlap speaking to many points found in this paper at the 2010 McCain Conference can be found [http://www.youtube.com/watch?v=aUDY6sffibI here (web).]

Latest revision as of 15:06, 25 July 2012

Full Title of Reference

Information Warfare Arms Control: Risks and Costs

Full Citation

Maxie Thom, Information Warfare Arms Control: Risks and Costs, USAF Institute for National Security Studies (2006). Web

Categorization

Key Words

Synopsis

In this document, Thom considers historic arms control treaties and enforcement efforts to analyze issues related to the development of arms control regarding Information Warfare (IW) activities. In this article, he limits the definition of IW to actions executed by state actors during interstate conflict and warfare.

The discussion begins with the different levels of credibility that various groups assign to the IW threat, and proceeds to explain how IW is securitized across the military, economic, and political domains. The author defines arms control for use in his context as the “agreement among states to regulate some aspect of their military capability or potential,” and discusses if IW arms control is a likely prospect considering the decline in the US commitment to and reliance on arms control as a mechanism to maintain national security following the end of the Cold War.

IW is substantially different from articles previously handled by arms control treaties, and Thom illustrates these differences by describing the intangible nature of IW’s effects, the lack of clear sovereignty in the cyber domain, and the ambiguous definitions found in international law. The budgetary considerations of IW arms control are also discussed, with an emphasis on how the decreasing arms control budget demands that arms control treaties must be cost effective to be implemented successfully. The 1993 Chemical Warfare Conventions is used to initially model the costs of the various phases of an arms control treaty, and the author breaks the costs into six distinct phases, the Pre-Signature costs, the Ramification Costs, Post Entry into Force (EIF) Costs, Administrative Costs, Industry Costs, and Overhead Costs, all of which are analyzed individually.

Thom finishes by discussing the risks associated with entering into an arms control treaty, which he classifies into seven categories: International Law, Sovereignty in the Information Realm, Verification and Compliance, Defensive, Increased Kinetic Targeting, and Political. The risk from international law is said to arise from the increased complexity in responding to IW events when they are tied into international treaties. The risk to sovereignty stems from the possibly reclassification of some U.S. diplomatic information campaigns as IW (making them illegal). By providing countries sovereignty over the IW realm, it may also aid certain regimes in further limiting the type of information allowed to reach their citizens. The risk from verification and compliance includes a false sense of security, the leakage of information regarding our intelligence capabilities, and increased chances of IW weapons proliferation. The defensive risk comes from not having the ability to research defensive IW limited due to the dual-use nature of IW technology. The increased risk of kinetic targeting results from aggressors resorting to kinetically striking targets that could have otherwise been handled through IW. This may result in greater civilian casualties and longer-term losses of infrastructure following conflicts. The political risk stems from not signing such a treaty (such as with the Ottawa Landmine Treaty) and then having greater difficulties in building coalitions with our allies.

Additional Notes and Highlights

  • The mission of the USAF Institute for National Security Studies (INSS) is to promote national security policy research for the Department of Defense within the military academic community, to foster the development of strategic perspective within the United States armed forces, and to support national security discourse through education and outreach. INSS is located at the USAF Academy in Colorado Springs, Colorado and was created by the Air Staff in 1992. INSS’ primary sponsor is the Strategic Security Directorate on the Air Staff (HQ USAF/A5X). Each year, several of the research products from each year are published as INSS Occasional Papers and as articles in journals.
Retrieved from "http://cyber.harvard.edu/cybersecurity/?title=Information_Warfare_Arms_Control&oldid=6449"