Cyber Operations

From Cybersecurity Wiki
Jump to navigation Jump to search

Full Title of Reference

Cyber Operations: The New Balance

Full Citation

Stephen W. Korns, Cyber Operations: The New Balance, 54 Joint Force Quarterly 97 (2009). Web



Key Words

Botnet, Computer Network Attack, Cyber Crime, Cyber Terrorism, Department of Homeland Security, Hacker, Information Asymmetries, Intelligence Infrastructure/Information Infrastructure, Malware, National Security, Security Tradeoffs, Sponsored Attacks, Transparency, Trojan, Worm


The article seeks to explore today's normalcy in cyberspace.

Taking as a starting example Russia's CNA attacks on Georgia in 2008, the author looks at how the attacks used tools from a Web site hosted by a Texan company to attack a Web site that was hosted by a company based in Atlanta, Georgia. The U.S experienced collateral damage during these attacks.

The next example is Mumbai, where terrorists used Google Earth, BlackBerry phones and GPS to form an integrated, low-cost command and control system that enabled a modicum of information superiority. The author's view is that nonstate actors "do not fear network0centric warfare because they have already mastered it." Mumbai is the new cyber normalcy.


New normalcy has become an episodic policy construct in US strategy ideation; national leadership has relied on its clario to illuminate moments of transcending reorientation. New normalcy signals a cardinal shift in the nature of U.S. security.

In 1953, President Dwight Eisenhower viewed the atomic realities of Soviet nuclear weapons as a new and untenable threat. Reflective of this thinking, a White House aide wrote a secret memorandum highlighting the nuclear age of peril as “the new and to all intents permanent normalcy.”

On October 25, 2001, echoing a deep national sense of insecurity after the 9/11 ter- rorist attacks, Vice President Richard Cheney lamented, “Many of the steps we have now been forced to take will become permanent in American life. They represent an understand- ing of the world as it is, and dangers we must guard against perhaps for decades to come. I think of it as the new normalcy.”

New normalcy defines a quintessential dichotomy: the urge to return to the comfort and routine of a normal state, confronted by the realization that the prior condition no longer exists. For example, many in the U.S. foreign policy community viewed the collapse of the Soviet Union as an opportu- nity for a return to normalcy in American foreign policy, allowing the United States to cash in the peace dividend.

U.S. joint military doctrine includes new normalcy as a central concept. From this perspective, new normalcy is the condition achieved whereby an adversary is rendered unable to oppose U.S. strategic objectives. After achieving the operational endstate, new normalcy becomes a strategic goal in transition from conflict, which disrupts normal life, to a new level of stability.

Although primarily understood from a policy development point of view, there is also a socioscientific basis for comprehension of new normalcy. Thomas Kuhn posits that when the current normal condition cannot explain or resolve an anomaly, a crisis ensues, leading to a fundamental paradigm shift, concluding in a new state of normalcy. In Kuhn’s normative transformation theory, a professional community “alter[s] its conception of entities with which it has long been familiar, and . . . shift[s] the network of theory through which it deals with the world.”new normalcy in the American experience signals a cardinal shift in the nature of U.S. security


There is a growing national sentiment regarding the fear of a major cyber disaster—thus, the dramatic rise in predictions of a “cyber Pearl Harbor” or an “e-9/11” event. Vint Cerf even likens the rampant spread of malware to a “pandemic that could undermine the future of the Internet.”

In the end, Cerf reflects circumspectly, “It seems every machine has to defend itself. The Internet was designed that way. It’s every man for himself.”

A December 2008 Center for Strategic and International Studies (CSIS) report on cybersecurity concludes that protecting cyberspace is “a battle we are losing.” In testimony before Congress, Jim Lewis, a member of the panel that wrote theCSIS report, stated that “the U.S. is disorganized and lacks a coherent national [cybersecurity] strategy.”

As early as 2003, the Gilmore Commission’s report on Forging America’s New Normalcy predicted the onset of cyber new normalcy conditions, including cyberterrorism.


Commoditization: Under old normalcy, individuals developed malware. Under cyber new normalcy, anyone can obtain malware at the “cyber drive-through window.” The Inter- net is a profit-generating machine for criminal syndicates that have perfected malware-as-a-service.

Identification. Under old normalcy, when bombs and bullets flew, identification of the adversary was relatively easy. In cyber new normalcy, identification is the exception. In Here Comes Everybody, author Clay Shirky attributes “ridiculously easy group formation” as the Internet’s defining characteristic.

Distrust. Under old normalcy, we trusted but verified. Under cyber new normalcy, there is no trust, and verification is highly suspect. Malware can spoof and effectively nullify antivirus and firewall systems. Even worse, a team of Dutch and Swiss researchers have broken the MD5 encryption algorithm used by nearly all Internet Web browsers.


Secretary Gates’ call for a renewed focus on U.S. deterrence policy evokes President Eisenhower’s New Look emphasis on strategic deterrence. An enlightened cyber strategy would seek an appropriate balance between secrecy and openness. While working at RAND in the early 1960s, Paul Baran con- ceived the digital packet switching concept used to establish a survivable U.S. nuclear command and control system. Significantly, Baran openly published his work, with the U.S. Government’s implied consent, under the premise that “deterrence only works if the other guy knows.”

Credible deterrence will also require balanced resourcing for identification and authentication; data hardening and network resiliency; cyber intelligence, surveillance, and reconnaissance; and cyber early warning and response. such an obsessiveness that it would destroy the economic base or the civil freedoms of the country.”


As witnessed in the cyber attacks on Estonia, Lithuania, and Georgia, non–mirror-imaging adversaries have a well-honed grasp of operating within the grey area of cyber, below the threshold of use of force. Deterritorialized attackers target territorialized infrastructure, frustrating border-based orthodoxy. These hybrid cyber militia-mobs clearly demonstrate that adversaries will not fight the U.S. military on its own terms in cyberspace. In fact, military-on- military in cyberspace may become the exception, rather than the norm, with relatively few “lawful combatants” in the traditional sense. An astute strategy would seek to refine the understanding of how “military affairs” fits within a cyber world where predominantly industry and noncombatant civilians establish and control the core operational theater of conflict.

Additional Notes and Highlights

Expertise Required: International Warfare - Low

About the author: Colonel Stephen W. Korns, USAF, is Vice Director for Strategy, Plans, Policy, and International Relations at Joint Task Force–Global Network Operations, Washington, DC for balance in defense capabilities.