A number of years ago at TU Dublin I overheard several students discussing a map they were looking at that visualized DDoS attacks, such as Digital Attack Map, and commenting about how it visualised Cyber War before their very eyes. This didn't exactly seem right to me, but I couldn't exactly put my finger on why it wasn't right. It did start me on a journey though, and this post is the first in what will probably be many, many more from that journey.
War is a legal concept from the field of International Law and while I feel like it is important to understanding this topic, there has been so much change over the last year or so that I haven't been able to keep up with it all and I need to reanalyse my thinking on several aspects. Tallinn 1.0 and 2.0 are still great, but this change has prompted Tallinn 3.0 to be written, to look at the issues in 1.0 and 2.0 through the recent statements of various states. I have heard rumor of another such book coming out from the NATO CCDCOE which is an Operator's Manual, which I think may be similar to the US DoD's Law of Armed Conflict Deskbook. So looking at the legal aspects of such a conflict in cyberspace may have to wait for me to reanalyse my thinking or for a more complete expert opinion to come out in the field.
The next best thing to talk about, if you can't talk about whether something is or is not 'Cyber War', would be to assume that such a state exists and to look at what such a conflict may look like. I was thinking about saving this for a talk at something like BSides Dublin or BSides Belfast or maybe something more towards this niche like Slándáil, but the Human Malware situation has gotten in the way of this so... A blog post it is!
Understanding Modern Warfare
To understand how Cyber fits into modern warfare, you must first understand what warfare is, how it can be viewed, a little of the history of how we got to where we are in warfare, and where wars are fought. First, warfare is;
the activity of fighting a war or strongly competing, esp. with reference to the type of weapons used or to the way the fighting is done:
Definition of warfare from the Cambridge Academic Content Dictionary © Cambridge University Press
As I see things, warfare is best described by looking at it as you would a tree. Each branch off the trunk is a Domain or Dimension of warfare, and each branch off of a Domain is a Subdomain that encompasses a way of using a given type of warfare. There are generally said to be five Domains: Land, Sea, Air, Space, and finally, Information. It should be noted, though, that things are not limited to just those 5 domains. War can be fought Asymmetrically, can involve the use of Chemical and Nuclear weapons, and can be about how much of your state's economy and populace you use to fight a war, so considering those areas is also important. This is a simple breakdown of the various domains of warfare;
- Land Warfare
  - Maneuver Warfare
  - Mountain Warfare
- Sea or Naval Warfare
  - Commerce Raiding
  - Mine Warfare
- Aerial Warfare
  - Air Superiority
  - Aerial Bombing
- Space Warfare
  - Anti-Satellite Weaponry
  - Kinetic Bombardment
- Information Warfare
  - Computer Network Attack
  - Electronic Attack
- Asymmetric Warfare
  - Hybrid Warfare
  - Guerrilla Warfare
- CBRNe Warfare
  - Chemical Warfare
  - Nuclear Warfare
- Level of Integration In War
  - Limited War
  - Total War
Finally, a very, very brief history of warfare. Since essentially the stone age, when people figured out that a force could have a unit with pointy sticks and primitive shields to defend another unit with stones to sling, we have lived in an era of Combined Arms Warfare. Combined Arms Warfare has come in many forms through many generations. In the Bronze Age, the Chariot was king of the killing zone, expensive to field and run but potentially lethal when used correctly in conjunction with a well-arranged array of units with spearmen. In the Middle Ages, we all know stories of a few Knights on horseback who would fight alongside Archers and Foot Soldiers, and in the Renaissance Era, Artillery, Cavalry, and Soldiers armed with muskets would make up armies.
Granted this is a very western perspective, but Persian armies against Alexander the Great were composed of Infantry, Archers, Cavalry, Chariots, and War Elephants. The Mongolian forces in the era of Genghis Khan, while mostly cavalry to prioritize mobility, broke their cavalry into light cavalry who were horse archers and heavy cavalry who were lancers, as well as using Foot Soldiers as needed. Aztec forces against Spanish Invaders were comprised of multiple kinds of ranged and close-quarters combat units designed for use in jungles, with blowguns and small daggers as well as more conventional equipment such as bows, spears, and clubs. When Japan invaded Korea in 1592, they arrived with a force of Samurai, Arquebusiers, Archers, and Spearmen. The Ashanti Empire, where Ghana is today, was mostly infantry and archers and in later years was infantry with firearms and artillery.
In the 16th century, things changed somewhat. The colonization of various parts of the world to draw the wealth of those regions meant that in times of war, you could destabilize your opponent by interfering with their ability to pay for troops or mercenaries. This spawned a growth in the use of Privateers and, to combat Privateers, most navies began to greatly expand in size and capability. This brought on the era of Multi-Domain Battle. Understanding that war can be waged not just on Land, but at Sea, in the Air, Space, or Cyberspace is crucial to understanding how it will be used going forward.
The era we currently live in is that of Joint Operations or Joint All Domain Operations. The idea is that there are different military branches, with different specialties and goals in combat, but the overall military strategy relies on a single, unified combat command based on a geographic area or a specific function that a command has. For example, the US military has a geographic command in USAFRICOM, or Africa Command, which is in charge of operations on most of the continent of Africa except Egypt. An example of a Functional Command is USTRANSCOM, or Transport Command, which unifies the various resources of the Army, the Air Force, and the Navy to supply and transport needed materials.
Cyber is a Unified Functional Command in the US and the US DoD is quite clear about how they intend to use Cyber, as part of Joint All Domain Operations. It does not matter to the US DoD if you are in the Army, the Air Force, the Navy, or the Marines, the service you are in will be working as a team on operations to achieve its goals.
Finally, we must understand where battles are fought. In the past we had Battlefields, and this is a simple idea. You have a place where both forces meet for an encounter, or where one force uses its speed to dictate to an opposing force where a battle should happen and how it should happen. In the 20th century, though, with the rise of aircraft, battles were no longer fought in two-dimensional areas; they were fought in three-dimensional spaces. This was still a battlefield though, and even the arrival of space-based assets didn't change that.
The arrival of the 5th Domain, though, Cyber or sometimes Information, changed how militaries see the battlefield. It is now more than just a three or four-dimensional environment. It now includes an information component and awareness of the electromagnetic spectrum, which cyber or other means could be used to exploit or to apply a form of warfare. This thinking, combined with Joint All Domain Operations, turned combat domains from places where only specific forms of warfare applied into communication mediums for forms of warfare.
Network Centric Warfare
To understand Information Warfare, you need to put aside the idea of Cyber as its own Domain of Warfare and see Information as the real 5th Domain. You need to do this for the same reason that Cyber isn't the best term for all the things that someone in Cyber Security may be charged with protecting. Ultimately what they are doing is Information Security, as it encompasses a broader set of issues beyond just digital systems and includes physical devices, processes, and a generally broader outlook towards securing systems and data. With that in mind, what is Information Warfare?
"... is any action to Deny, Exploit, Corrupt or Destroy the enemy’s information and its functions; protecting ourselves against those actions and exploiting our own military information functions".
Col. Andrew Borden, USAF (Ret.), quoting Vice Admiral Arthur Karl Cebrowski; What is Information Warfare?
This definition is quite clear, but it may not directly relate to how Cyber is involved. Information Warfare once had a different name, Command and Control Warfare, where the goal was to use whatever means to Deny, Exploit, Corrupt or Destroy an opponent's methods for commanding their units by denying them the ability to get orders out or understand the situation their units were in. With the advent of Cyber Operations, the name changed again from Information Warfare to Network Centric Warfare, as networks became a lot more important in everyday life as well as military life. As general terms, Network Centric Warfare and Information Warfare are interchangeable, but the use of Command and Control Warfare has diminished somewhat.
Since Information Warfare is not limited to just cyber, it has a wide range of attack modes that a commander can utilize, which were laid out in 1999 before Cyber had become a major focus for military operations;
- Operations Security (OPSEC)
- Concealment, Cover and Deception (CCD)
- Psychological Operations (PSYOPS)
- Destruction (Hard Kill)
- Electronic Warfare (EW)
Col. Andrew Borden, USAF (Ret.); What is Information Warfare?
Information Warfare is the jamming of, intrusion into, spoofing of, or exploitation of an opponent's communications channels. Not just that, if your opponent is using some of these attack modes for their advantage, you can implement better OPSEC, CCD, or reduce your electronic signature. All this is done to improve your decision-making while degrading your opponent's.
While there is no particular issue with this approach, Col. Borden notes that information is generated in bits per second, which is not something you can destroy, just degrade, so he updates VADM Cebrowski's definition to be;
- Degrade
- Corrupt
- Deny
- Exploit
Col. Andrew Borden, USAF (Ret.); What is Information Warfare?
Network Centric Warfare aims to create an Information Advantage, a scenario where networks are embedded in your weapons systems such that you generate and process information more quickly and resiliently than your adversary, while degrading their information generation and processing capabilities, to create a state such that;
... a commander can sense, understand, decide and act faster and more effectively than an adversary,
Lt. Gen. Stephen Fogarty, Commander of U.S. Army Cyber Command; speaking at CEMAlite Conference 2020
To understand how this looks in action, it's best to look at a case study. One of the best examples of how Information Warfare is used is to look at the Air Campaign as part of the First Gulf War, where the US utilized many aspects of Information Warfare.
First Gulf War Air Campaign
In the 70s the Iraqis hired a French company, Thomson-CSF, to build a fiber optic network to link its various command and control systems, which was completed in 1986. Along with a series of hardened bunkers built deep underground, the overall command and control system would be quite difficult to eliminate with conventional means. The bunkers could communicate using a fiber optic network called KARI, with redundant microwave radio links as well as landline links if there were existing telecoms trunks.
For Coalition Forces to achieve Air Supremacy for Operation Desert Storm, they needed to attack KARI to disrupt centralized anti-air command and control and interceptor command and control and to suppress enemy air defences. Within two days KARI had been so effectively suppressed by the use of precision-guided weapons that they had switched to dumb bombs and gun strafing runs. Knowing that knocking out KARI was priority number one, the NSA had positioned a Rhyolite/Aquacade Signals Intelligence satellite over Iraq so that when the Iraqis moved from the KARI network to microwave links, the NSA was able to listen in on the communications. This was exploited, as they knew exactly what the Iraqis were going to do as soon as they did, allowing Coalition Forces to counter these moves.
An exploit such as this, used so abundantly, couldn't last forever, and eventually Iraqi intelligence figured out what was going on, but by then they were reduced to motorbike couriers. While effective, couriers are a slow method of transport in a vast country with a fast-moving battlespace. Effectively, this degraded the Iraqis' Command and Control of their air defences by destroying their best communication links and forcing them onto less operationally secure communication links and slower methods of communication, while allowing their communications to be exploited to provide that vital Information Advantage.
While this eliminates the Command and Control network, individual missile batteries could still fire at aircraft. To deal with this, suppression of enemy air defences, or SEAD, was employed. Coalition Forces flew sorties of Wild Weasels to attack batteries that dared to turn on their radars, flew Electronic Warfare aircraft to jam them, and used drones to emit signatures that matched other aircraft. This part of the mission corrupted the Information that battery commanders had through Electronic Warfare, and the worry of Wild Weasel aircraft being around, real or spoofed, is Psychological Warfare, as you never know if you will be killed by attempting to acquire a target with your radar.
If you want to know more about the operation, Chapter 3 of Part 2 of the Gulf War Air Power Survey, published by the US DoD covers the topic nicely, with the good stuff starting on page 130 of Part 2. Information on spoofing is found on page 91 of Part 2. And Fred Kaplan discusses the impact of downgrading from fibre optic communication to microwave communication in Chapter 2 of his book Dark Territory.
The God of War
While the Air Campaign of the First Gulf War shows how Information Warfare can be used, it doesn't show its full utility. It just shows how, for a particular adversary, the way that information flows in that adversary's networks can be exploited to achieve the given set of objectives for a given operation. It does not show the broad scale of things that Information Warfare is capable of achieving. To understand what it is capable of, it's worth noting two more things: the first is Fire and Fire Superiority, and the second is Soviet Artillery Doctrine.
Fires are;
The use of weapon systems or other actions to create specific lethal or nonlethal effects on a target.
US Joint Chiefs of Staff; DOD Dictionary of Military and Associated Terms, pp 82
Fire Superiority is;
Infantry units must mass the effects of fires to achieve decisive results. Leaders achieve fire superiority by concentrating all available fires. Massing involves focusing fires at critical points, distributing the effects, and shifting to new critical points as they appear
US Marine Corps; FM 3-21.8, pp 2-2
The ultimate aim of Fire Superiority is to create a Force Multiplier. Force Multiplication is;
A capability that, when added to and employed by a combat force, significantly increases the combat potential of that force and thus enhances the probability of successful mission accomplishment.
US Joint Chiefs of Staff; Joint Special Operations Task Force Operations, pp GL-11
The idea is that the more weapons systems you mass on a target or sector, the greater chance you have of accomplishing your mission. And this is one of the things that Information Warfare can and will do in the modern battlespace. From a wonderful book of Soviet tactics;
In modern offensive engagements, mutual fire support between the subunits on the offensive and fire resources increases in importance because of the drastic increase in the resources making fire strikes, the increased scope of offensive engagements, and their dynamism and maneuverability. In order to defeat the enemy, it is necessary to precisely coordinate the fire of the attacking subunits and attached and supporting resources in terms of target, place, and time.
V.G. Reznichenko in Тактика, pp 96
Since I am going to discuss Soviet doctrine, it would be a shame if I didn't use sources of Russian origin. Now I can't read Russian, but that does not mean I can't access literature that covers Soviet doctrine. There exists a wonderful book written by the Soviets and published in English 'under the auspices of the U.S. Air Force' called Тактика or Tactics that covers Soviet military doctrine. It's a fascinating read and most importantly, there are translated quotes in there from Mikhail Vasilyevich Frunze, who is by far and away the most influential military thinker of the Soviet Union and arguably also for the Russian Federation. As far as Frunze was concerned, the application of Fires was what won battles;
Fire constitutes the decisive factor and main force in modern combat. Superiority over the enemy may be achieved only by fire.
V.G. Reznichenko quoting M. V. Frunze; Тактика pp 88
In western military cultures, maneuver elements such as Main Battle Tanks are the hammer and artillery is the anvil, used in support of maneuver elements' actions. You can see an example of this in action during G-Day in Operation Desert Storm where, as the XVIII Airborne Corps moved forward, the Iraqis fired artillery at them and coalition forces returned massive firepower that allowed maneuver elements to engage ground elements, who immediately surrendered.
The Soviets had a different outlook on things though. As far as they were concerned, maneuver elements supported the artillery and the artillery is the hammer. So much so that in the Soviet military culture, and even today in Russian military culture, artillery is still referred to as The God of War. They did so because they saw artillery in a specific way;
Artillery continues to be an important asset for delivering fire strikes on the enemy, having, as it does, great firepower and accuracy, a great capacity for quick preparation for action, and a capability for wide maneuver and rapid concentration of fire on the most important targets.
V.G. Reznichenko; Тактика pp 19
So why did they do this? They envisioned a battlespace where they use artillery to gain Fire Superiority, which allows maneuver elements to move without taking as many casualties as they maneuver because the opposing force is suppressed or unable to fire back because they have to deal with a force that is firing at them. They also place great emphasis on speed in battle as speed allows you to dictate the course of a battle. This allows you to prevent an enemy from running away or getting to an organized defensive position and allows you to engage them as you please.
Modern combined arms combat is characterized by resoluteness, great maneuverability, intensity and fast evolution, rapid and drastic changes in situation and a diversity of methods by which it can be conducted, and the development of high-momentum combat actions on the ground and in the air, on a broad front and in great depth.
V.G. Reznichenko; Тактика pp 36
We should break down some of those terms. Speed is pretty obvious, moving fast, as is intensity, and fast evolution is explained in the quote. By recognition of the diversity of methods by which it can be conducted, they are also planning a battle similar to a Battlespace where combat spans domains and forms of warfare. Maneuverability though, isn't explained and in Soviet artillery terms, it has a specific meaning;
Maneuver by fire is a Russian concept whereby fire is shifted from one target, line or sector without moving the firing positions of the artillery pieces. It is used in battle to cause mass destruction of important targets in a short period of time. All of the fires can be conducted against one target simultaneously or conducted against that target and then other targets one after another.
Dr. Lester W. Grau and Charles K. Bartles; The Russian Way of War, pp 234-235
Now that was quite a lot of discussion on the nature of Soviet Artillery. Where am I going with this? Well General Mike Hayden had a very interesting quote that he once gave;
“[Cyber] It’s inherently global, inherently strategic, inherently characterized by great speed, inherently characterized by great maneuverability and hard to defend.” “Automatically, you know all the advantage goes to the offense.”
General Michael Hayden, former DICA and DNSA; Speaking at Westmont College
Bear in mind that when he was Director of the NSA in 1999, the doctrine of Information Warfare was being defined by the various bodies of the DoD, and he was leading one of the major arms of any Information Warfare effort. He has a unique view of how Information Warfare would be used and what its capabilities are. Allow me to explain.
Seeing the Cyber component of Information Warfare as global is easy: the internet is borderless and it allows you massive reach. It's strategic in that Information Warfare is, by nature, the denial, exploitation, corruption, or destruction of information, which affects how an opponent thinks and makes decisions. Any impact on that has strategic consequences. And it offers a massive advantage to those on the offensive, as attacks are carried out in milliseconds and the lag between attack and detection can range from days to months, during which you can effectively exploit the information gathered.
But where the comparison to Soviet Artillery comes into its own is when he mentions the speed, maneuverability, and how difficult it is to defend from. Cyber essentially moves at light speed. Cyber would hardly be used to attack a single target, and by its automated nature, you could easily set up a strike package for several targets n, and when ready, fire at the first target and move through all targets on the list until you hit n, or if you so choose to fire simultaneously, without ever having to move.
But not just that, Soviet and modern Russian artillery has a number of uses;
They are designed to perform the following main tasks:
- achieve and maintain fire superiority
- defeat of the enemy’s means of nuclear attack, manpower, weapons, military and special equipment
- disrupt troops and command and control, reconnaissance, and EW systems
- destroy permanent defense installations and other infrastructure
- disrupt the enemy’s operational and tactical logistics
- weaken and isolate the enemy’s second echelons and reserve
- destroy enemy tanks and other armored vehicles that breach the defense
- cover open flanks and junctions
- participate in the destruction of enemy aircraft and the amphibious assault forces
- conduct remote mining operations
- provide illumination to troops maneuvering at night
- provide smoke screens and blind enemy targets
- distribute propaganda materials
Dr. Lester W. Grau and Charles K. Bartles; The Russian Way of War, pp 232
Now isn't that curious? Artillery is a form of fire that, while it has multiple uses, can be used to gain and maintain fire superiority, disrupt command and control as well as electronic warfare, and corrupt the information space with propaganda. Not only is Cyber in some ways directly comparable to artillery in how it could be employed, but their objectives also share some overlap.
The use of Information Warfare is essentially a form of fire, though not in a traditional sense. Because it is a fire, it is a force multiplier, where an Information Advantage can be leveraged, with or without more traditional forms of Information Warfare, to gain an advantage over an opponent, with the idea that this will achieve the US goal of Full Spectrum Dominance over every Domain of the Battlespace.
Weapons Employment
Now after some background, I suppose I should get on with what people are probably here for: some examples of how Cyber Bullets going Zzzzzzzap or pew pew, or whatever sound is made, can be used as a Force Multiplier in combat. Just be aware that the terminology you may be familiar with may differ from what you expect, as things tend to have a different meaning in a military context and militaries have their own lexicon.
Degrade
Data can be degraded either by delaying it until its usefulness is reduced or by destroying it in full or part. For example, the use of concealment is an Attack measure (degradation) against the collection task. The use of jamming to reduce the Capacity of a communications channel (thereby delaying transmission) is another example.
Col. Andrew Borden, USAF (Ret.); What is Information Warfare?
Sea Lines of Communication (SLOC)
If you have ever read Tom Clancy's Red Storm Rising, you will be acutely familiar with the importance of Sea Lines of Communication. One of the major plotlines in the book concerns Soviet plans to disrupt NATO's ability to resupply their forces in the European theatre of battle. To do this they attempt to close the Sea Lines of Communication between North America and Europe. This will continue to be a strategy in the future, though the ultimate aims of such a strategy and thoughts of what Sea Lines of Communication are may change from sea-based trade and logistics to data transmission across the seas.
For an example of this, Fred Kaplan in his wonderful book Dark Territory has an interesting snippet from the time the NSA was led by VADM McConnell. He was presented with a map of Sea Lines of Communication and also with another of undersea fiber-optic cables, and was able to grasp the similarity between the conventional thinking on Sea Lines of Communication and where this idea might go in the future;
Around the same time, one of McConnell’s aides came into his office with two maps. The first was a standard map of the world, with arrows marking the routes that the major shipping powers navigated across the oceans—the “sea lines of communication,” or SLOCs, as a Navy man like McConnell would have called them. The second map showed the lines and densities of fiber-optic cable around the world.
This is the map that you should study, the aide said, pointing to the second one. Fiber-optic lines were the new SLOCs, but they were to SLOCs what wormholes were to the galaxies: they whooshed you from one point to any other point instantaneously.
McConnell got the parallel, and the hint of transformation, but he didn’t quite grasp its implications for his agency’s future.
Fred Kaplan; Dark Territory, pp 30
During Operation Desert Storm, VADM McConnell ran the Joint Intelligence Center, the heart of the US military's information warfare operations, including working on the targeting of the KARI network as I mentioned previously. He knew how important information warfare was going to be and in his time leading the NSA he revolutionized the agency, taking it from an organization that was struggling to gather SIGINT from older sources such as microwave links, as they disappeared, only to be replaced with fiber-optic cables, to one that was capable of quickly pivoting to what others were doing, continuing to gather SIGINT and embracing information warfare;
McConnell had a lot on his plate: the budget cuts, the accelerating shift from analog circuits to digital packets, the drastic decline in radio signals, and the resulting need to find new ways to intercept communications. (Not long after McConnell became director, he found himself having to shut down one of the NSA antennas in Asia; it was picking up no radio signals; all the traffic that it had once monitored, in massive volume at its peak, had moved to underground cables or cyberspace.)
Fred Kaplan; Dark Territory, pp 35
In a time of war, the cutting of fiber optic cables would not destroy an adversary's ability to command its forces, but as I mentioned, the goal is to degrade this capability rather than to destroy it. As 99% of transoceanic data is transmitted over sub-sea fiber optic cable, any degradation of service will ultimately degrade the number of bits per second transmitted across oceans, which is the ultimate goal of Information Warfare.
Further to this end, an occasional paper in the Naval Historical Society of Australia mentions that the Australian government considers its sub-sea fiber optic links to be vital to the national economy, and has made the protection of such sub-sea cables a major issue as it presents major strategic consequences in times of war. By cutting such cables, not only do you degrade a state's ability to gather and use information, thereby degrading their informational awareness, you can also have secondary impacts such as disrupting the functioning of the national economy.
Domain Denial
While it is arguable whether the tenuous relationship between data transmission and naval logistics is a real issue, and the quote from Fred Kaplan could be interpreted in various ways, Domain Denial does not have such an issue and is a common form of warfare, as can be seen in the use of surface to air missile systems to assist in air control.
Unlike the land, sea, and air, space has become immensely important to civilians and militaries alike over the last 30 to 40 years. More capabilities have moved to space because they allow for a given function to be done more precisely, with greater coverage and expanded capabilities.
GPS, for example, has become a staple of everyday civilian life, but it has also transformed how militaries perform targeting by allowing weapons to be guided on to a target. Even if the target is on the move, you can update and relay the new position and use a constantly computed impact point to ensure you hit the target. If you don't have a precise place for a guided munition to hit, you can also use space-based assets like satellite imagery to figure out where a target is and then get a GPS location for it. And over time this has only grown in importance;
Almost all modern military engagements rely on space-based assets. During the US-led invasion of Iraq in 2003, 68 per cent of US munitions were guided utilizing space-based means (including laser-, infrared- and satellite-guided munitions); up sharply from 10 per cent in 1990–91, during the first Gulf war. In 2001, 60 per cent of the weapons used by the US in Afghanistan were precision-guided munitions, many of which had the capability to use information provided by space-based assets to correct their own positioning to hit a target
Beyza Unal; Cybersecurity of NATO’s Space-based Strategic Assets, pp 2
While GPS, also known as Position, Navigation and Timing, and imagery intelligence, which is part of the larger mission of Intelligence, Surveillance, and Reconnaissance, are a subset of what can be accomplished with space-based assets, those assets are capable of so much more than just that, and there is a subset of missions in each category of which I have only scratched the surface;
NATO currently uses six space-dependent capabilities for its alliance operations and missions:
- Position, navigation and timing (PNT)
- Intelligence, surveillance and reconnaissance (ISR)
- Missile defence
- Communications
- Space situational awareness (SSA)
- Environmental monitoring (weather forecasting)
Beyza Unal; Cybersecurity of NATO’s Space-based Strategic Assets, pp 10
So how would one degrade space assets to such an extent that the domain was partially or entirely denied to an adversary? The European Space Agency has done multiple studies looking into the cybersecurity of space-based systems and found that conventional civilian systems are vulnerable to "jamming, spoofing and hacking attacks", as well as providing some examples of previous attempts at using these tactics;
Examples of hacking, spoofing, spying in space
Some unclassified examples from open literature include:
- In 1998, German-US ROSAT space telescope inexplicably turned towards the sun, irreversibly damaging a critical optical sensor following a cyber-intrusion at the Goddard Space Flight Center.
- On October 20, 2007, Landsat 7 experienced 12 or more minutes of interference. Again, on July 23, 2008, it experienced other 12 minutes of interference. The responsible party did not achieve all steps required to command the satellite, but the service was disturbed.
- 2008, NASA EOS AM–1 satellite experienced two events of disrupted control: in both cases, the attacker achieved all steps required to command the satellite, but did not issue commands.
Jean Muylaert and Luca Del Monte; Cybersecurity of Space Missions, slide 3
It has gotten serious enough that the US Air Force Research Lab teamed up with the organizers of DEFCON to host the Hack-A-Sat CTF at DEFCON 28, where the second-place team, Poland Can Into Space, was able to gain control of an actual satellite in orbit and turn it to take a photo of the moon, in a literal moonshot.
I won't quote all of what Beyza Unal identified as possible impacts of a loss of access to space assets; you can peruse them in the linked paper at your discretion. But I will discuss a few that are interesting to me and expand on them if possible.
Position, navigation and timing (PNT)
Losing connection with ships, aircraft, carriers etc. in conflict due to interference to their navigation systems.
Beyza Unal; Cybersecurity of NATO’s Space-based Strategic Assets, pp 17
Any service interruptions to position, navigation, and timing systems directly impact the ability of multiple systems to operate correctly. As the quote states, loss of communication or interruption of service with PNT systems can directly impact your ability to command and control your forces. This can be taken a step further by entering the communications channel and feeding false data to warships. Denying or degrading access to such systems is a core goal of information warfare and possibly using such methods to pivot into feeding false data and luring a force into a trap is core to the corruption of information in information warfare.
This threat is being taken so seriously by the US military that the US Navy has brought back the use of the Sextant for Celestial Navigation, directly citing the risks of cyber attacks, as well as things like lightning strikes. The US Air Force has several Inertial Navigation Systems and Astro-Inertial Navigation Systems in a range of aircraft including the B-1, B-2, RC-135, and F-35, as well as possibly the RQ-180 drone, and it is believed that the upcoming B-21 will also have such a system. To ensure that ICBMs and SLBMs can navigate in the event of nuclear war, the US land-based Minuteman-III has an Inertial Navigation System and the Trident D5 SLBM has an Astro-Inertial Navigation System.
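The cross-check that an independent inertial or celestial source makes possible, as an added example that is not from the original post: dead-reckon from a trusted fix using own speed and heading, then flag satellite fixes that diverge more than drift can explain. The track, tolerances and function names are constructed assumptions.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0


@dataclass
class Sample:
    t: float            # seconds since the first fix
    lat: float          # GNSS-reported latitude, degrees
    lon: float          # GNSS-reported longitude, degrees
    speed_mps: float    # own-ship speed from log or inertial unit
    heading_deg: float  # true heading from gyrocompass or inertial unit


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def dead_reckon(lat, lon, speed_mps, heading_deg, dt):
    """Advance a position along a constant heading (flat-earth step, short dt)."""
    dist = speed_mps * dt
    hdg = math.radians(heading_deg)
    dlat = dist * math.cos(hdg) / EARTH_RADIUS_M
    dlon = dist * math.sin(hdg) / (EARTH_RADIUS_M * math.cos(math.radians(lat)))
    return lat + math.degrees(dlat), lon + math.degrees(dlon)


def check_track(samples, base_tol_m=50.0, drift_mps=0.5):
    """Compare each GNSS fix with a dead-reckoned position.

    The first fix is taken as trusted. The allowed divergence grows with time
    since that fix to model inertial drift (both tolerances are assumptions).
    Returns a list of (t, divergence_m, allowed_m, suspicious).
    """
    first = samples[0]
    dr_lat, dr_lon = first.lat, first.lon
    prev = first
    results = []
    for s in samples[1:]:
        dr_lat, dr_lon = dead_reckon(dr_lat, dr_lon, prev.speed_mps,
                                     prev.heading_deg, s.t - prev.t)
        divergence = haversine_m(dr_lat, dr_lon, s.lat, s.lon)
        allowed = base_tol_m + drift_mps * (s.t - first.t)
        results.append((s.t, divergence, allowed, divergence > allowed))
        prev = s
    return results


def constructed_track():
    """Constructed data: a ship steaming north at 10 m/s, one fix per minute.

    From t=240 s the reported fixes are pulled east by a further 200 m per
    minute while the ship's own speed and heading stay unchanged.
    """
    jitter_m = [0, 6, -4, 8, -5, 3, -7, 4]   # ordinary receiver noise, east axis
    lat, lon = 53.0, -6.0
    samples = []
    for k, noise in enumerate(jitter_m):
        pull_m = 200.0 * max(0, k - 3)
        # Shift the true position east by (noise + pull) metres to get the fix.
        fix_lat, fix_lon = dead_reckon(lat, lon, 1.0, 90.0, noise + pull_m)
        samples.append(Sample(60.0 * k, fix_lat, fix_lon, 10.0, 0.0))
        lat, lon = dead_reckon(lat, lon, 10.0, 0.0, 60.0)
    return samples


if __name__ == "__main__":
    for t, div, allowed, bad in check_track(constructed_track()):
        print(f"t={t:5.0f}s divergence={div:7.1f} m allowed={allowed:6.1f} m "
              f"{'SUSPICIOUS' if bad else 'ok'}")
```
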
Intelligence, surveillance and reconnaissance (ISR)
Loss of situational awareness in peacetime and at times of conflict, resulting in faulty decision-making.
Beyza Unal; Cybersecurity of NATO’s Space-based Strategic Assets, pp 18
Having an Information Advantage relies on your ability to collect intelligence for processing, exploitation, and analysis. If you can degrade or deny a nation's ability for getting the data or corrupt the data they get, you will impact their ability to command and control troops, make good decisions, and also shrink the information environment they have. This in essence is the goal of Information Warfare.
Missile defence
Cyberattacks on missile defence could occur in the form of spoofing, thus deceiving the ballistic missile command system
Beyza Unal; Cybersecurity of NATO’s Space-based Strategic Assets, pp 18
The US operates a satellite constellation called Space-Based Infrared System or SBIRS which has the main goal of using infrared sensors to detect the launch of all kinds of missiles, from tactical systems such as an SS-1 Scud missile all the way up to the biggest ICBMs like the SS-18 Satan or the SS-X-30 Satan II.
If an adversary were to take control of the constellation, it would deny the US warning of missiles being fired at them at any scale of conflict, and if there is no warning to run for a bunker or away from an area, it could result in massive casualties. Even if only a few are taken control of and the US is either denied access to these satellites, or the data is corrupted by displaying a 'false sky picture' of the battlespace, it would reduce the time to act in the event of a tactical or nuclear first strike.
Communications
Losing communication systems or receiving spoofed data, thus compromising the integrity of information received.
Beyza Unal; Cybersecurity of NATO’s Space-based Strategic Assets, pp 18
The US operates a communication network for battalions in the field called the Joint Network Node or JNN. The system provides a connection over satellite communications for networking beyond the local area they are in. The 11th slide gives a breakdown of the full networking capabilities of the system, which includes access to secret data networks such as SIPRNet and NIPRNet as well as other systems like video conferencing and VOIP connections. Any impact on the space-based assets that allow communication would directly impact the information environment that on-the-ground battlefield commanders have.
Space situational awareness
Loss of control or destruction of satellite control systems through the targeting of those systems or of mission packages by cyberattacks
Beyza Unal; Cybersecurity of NATO’s Space-based Strategic Assets, pp 18
As I have mentioned several times, and shown evidence for, there is a significant risk that control of various space-based assets could be lost. The European Space Agency showed that sensors can be destroyed, permanently degrading the capability of the sensor. If the satellite is in Low Earth Orbit, with full control of the satellite, one could deorbit it either into the atmosphere or ruin its orbit entirely, rendering it useless.
Though if you have control of the satellite, you could also corrupt data on the system to make GPS targets change since they rely on very precise timing and make guided munitions land off-target. Or simply, you could attempt to lock a nation out of its system and deny its use entirely.
Environmental monitoring
Weather information is fundamental for land, air, and maritime domains. Cyberattacks on weather forecasting systems could impact on operational capacity.
Beyza Unal; Cybersecurity of NATO’s Space-based Strategic Assets, pp 18
Weather data has played an important part in military operations since the dawn of time. Some notable examples are the Battle of Agincourt, where recent heavy rain on ploughed fields made the French attack on English forces extremely arduous, as such terrain was tiring to traverse in full plate armor, and Operation Overlord in WW2, where the Normandy Landings were delayed by a day due to bad weather from June 4th to 6th. While the 6th didn't have the greatest weather, it was decided to take the chance and it proved to be the right call.
Since the weather has historically played a massive role in all domains of combat, being able to manipulate the weather data of an opponent would allow you to directly impact the decision making of the opponent and could be used for your attack or to stall an attack for some time to allow you to get a better defence setup. While the impact of this would not be as large as previously since we live in an era where infantry is mechanized, planes can fly in all weather and ships don't have the same issues that navies used to have with big gun combat, bad weather and the impacts it has on terrain can slow operations considerably as well as stopping some, such as amphibious and airborne landings.
Corrupt
To Corrupt is to insert false data. For example, the use of dummies on the battlefield is an Attack Measure against the Collection function. Intrusion into a communications channel and spoofing is another example. Psychological Operations (Psyops) is an example of Corrupting information being Stored in the protein processor (the human mind).
Col. Andrew Borden, USAF (Ret.); What is Information Warfare?
Spoofing
Operation Outside the Box
Operation Outside the Box was a raid on an undocumented nuclear facility, possibly a covert graphite reactor, in Syria by Israel in 2007. The raid itself is interesting for multiple reasons, such as the Iranian financing of the reactor, the deaths of multiple North Korean nuclear technicians or scientists in the raid and, above all else, that the nuclear materials for the reactor came from North Korea. But the most interesting part is how Israel used Electronic Warfare and possibly Cyber Warfare as part of the raid.
The raid required several Israeli aircraft to penetrate the airspace of Syria undetected to attack the facility. This happened in 2007, when the only nation in the world with stealth aircraft was the US, with the F-117 and F-22 fighters and the B-2 Bomber. Israel used what they had, F-15s and F-16s, for the raid along with electronic warfare aircraft. The attack took place in four major stages.
The first stage was to take off from Ramat David Airbase and fly up the Syrian coast until they reached the Turkish-Syrian border where they attacked a radar site at Tall al-Abuad in Syria. It was attacked with electronic warfare techniques, most likely jamming and then bombed with precision-guided bombs to take out the site. This created an entry point in Syrian air defence for the planes to penetrate the airspace. Once in the airspace, the really interesting part of the attack could begin.
Almost immediately, the entire Syrian radar system went off the air for a period of time that included the raid, say U.S. intelligence analysts.
David A. Fulghum, Robert Wall and Amy Butler; Israel Shows Electronic Prowess
Through a combination of jamming the HF and VHF communication links that are used for the command and control of air defences, other unknown forms of electronic attack from the electronic warfare support aircraft and the "penetration through computer-to-computer links", the aircraft were able to transit the airspace undetected and bomb the suspected nuclear reactor. It is unknown if the "penetration through computer-to-computer links" is a form of cyber warfare or if computers were linked via the HF/VHF network and were vulnerable to jamming or electronic attack.
It is believed that the electronic warfare support aircraft were able to create a spoofed image of the skies above Syria in what is called a "false sky picture", so that even though the Israeli aircraft were transiting the airspace, all the radar saw was the electronically manipulated image of the sky that the Israelis broadcast and wanted the Syrians to see.
U.S. aerospace industry and retired military officials indicated today that a technology like the U.S. developed "Suter" airborne network attack system
...
The technology allows users to invade communications networks, see what enemy sensors see and even take over as systems administrator so sensors can be manipulated into positions so that approaching aircraft can't be seen, they say. The process involves locating enemy emitters with great precision and then directing data streams into them that can include false targets and misleading messages algorithms that allow a number of activities including control.
David A. Fulghum; Why Syria's Air Defenses Failed to Detect Israelis
Essentially invisible to air defences, the Israeli aircraft proceeded to the target where commandos used laser designators to illuminate the target to be destroyed. With the facility bombed and destroyed, it was time for the aircraft to head home via the route they came, still undetected.
The vast majority of the useful reporting on this comes from a fascinating article by David A. Fulghum, Robert Wall and Amy Butler called "Israel Shows Electronic Prowess" in Aviation Week which gives an account of the attack through the lens of electronic warfare.
Deception
Russian Military culture has other loves than artillery, and one of those things is маскировка or maskirovka, literally disguise. It is their doctrine of deception and camouflage to deceive or deny information to an enemy, and while there are many great conventional battles one can look at, even up to today, they have carried this thinking into the fifth domain and used it with great effect. I want to take a look at two examples;
Infrastructure Takeover
In 2019, it appears that a group known as Turla, believed to be Russian, hijacked the infrastructure of APT34, an Iranian group, and then used it to deliver further malware to systems that APT34 had compromised. This may have gone unnoticed, and Turla could have gotten free intelligence, if it wasn't for the use of their own tooling such as their custom version of Mimikatz, their packer and their custom Windows service called Neuron. If this were to happen on a larger scale, repurposing existing tooling but sending the data to different command and control servers, you could muddy the waters of who is and who isn't hacking into your systems. Something the Symantec researchers who discovered this are well aware of;
Opportunistic sowing of confusion: If a false flag operation wasn’t planned from the start, it is possible that Waterbug discovered the Crambus intrusion while preparing its attack and opportunistically used it in the hopes of sowing some confusion in the mind of the victim or investigators. Based on recent leaks of Crambus internal documents, its Poison Frog control panel is known to be vulnerable to compromise, meaning it may have been a relatively trivial diversion on the part of Waterbug to hijack Crambus’s infrastructure. A compromise conducted by one threat actor group through another's infrastructure, or fourth party collections, has been previously discussed in a 2017 white paper by Kaspersky researchers.
Symantec DeepSight Adversary Intelligence Team; Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
OlympicDestroyer
OlympicDestroyer was not a particularly interesting piece of malware in many senses, as it was just a tool that gained access to networks via phishing and wiped the Domain Controllers within Windows environments. Two things stood out about it. The first is that it was a petty attack by Russia's GRU Unit 74455, or Sandworm, in retaliation for the slight of being banned from competition for systematic, state-sponsored doping at the 2014 Winter Olympics. The second is that the malware had a never-before-seen level of deception, which went so far that one person who worked on it described it as psychological warfare;
In fact, all those contradictory clues seemed designed not to lead analysts toward any single false answer but to a collection of them, undermining any particular conclusion. The mystery became an epistemological crisis that left researchers doubting themselves. “It was psychological warfare on reverse-engineers,” says Silas Cutler, a security researcher who worked for CrowdStrike at the time. “It hooked into all those things you do as a backup check, that make you think ‘I know what this is.’ And it poisoned them.”
Andy Greenberg; The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
At first, a lot of eyes were on North Korea since there's some history between North and South Korea. But others looked at Russia since they did have that doping ban... But then eyes turned to China as there was code used only by Chinese hackers. You couldn't be quite sure who was doing it. Russia was next to have the finger pointed at them when Cisco's Talos Group found a password-stealing tool that looked like NotPetya and Bad Rabbit, but it wasn't the same as those tools, more a rewritten version of the code.
The wiper component of the malware shared some code with a wiper that BAE Systems had found the Lazarus Group, out of North Korea, had used, and it had the same extremely distinct method of wiping, deleting the first 0x1000kb, or 4096kb, of a file. Next, Intezer found that part of the password-stealing code came from the Chinese group known as APT3, and CrowdStrike connected parts of the code to XData malware used by Russian carding gangs.
Running out of ideas, a Kaspersky researcher tried to look at the Rich header of the malware to see if any details on the authors could be grasped at, and he found that it had the same header as Lazarus Group. But on further analysis, he also pointed out that this couldn't possibly be the case and that the header was forged to match Lazarus Group.
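One structural check an analyst can run on a Rich header, added here as an illustration and not the Kaspersky researcher's own method: decode the entries and recompute the XOR key, which covers the DOS header and stub as well as the entries. The layout follows the format as commonly documented by reverse engineers (Microsoft does not document it); the sample bytes, product ids and build numbers are constructed.

```python
import struct

DANS = 0x536E6144  # b"DanS" read as a little-endian dword


def rol32(value, count):
    """Rotate a 32-bit value left; the count wraps at 32 as on x86."""
    count &= 0x1F
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def rich_checksum(data, start, entries):
    """Recompute the XOR key from the bytes before the header and its entries."""
    csum = start
    for i in range(start):
        if 0x3C <= i < 0x40:          # e_lfanew is counted as zero
            continue
        csum += rol32(data[i], i)
    for comp_id, count in entries:
        csum += rol32(comp_id, count)
    return csum & 0xFFFFFFFF


def check_rich(data):
    """Decode the Rich header and test its stored key against a recomputation.

    Returns None when no header is found, else a dict with the decoded
    (product id, build, use count) entries and whether the key is valid.
    """
    end = data.find(b"Rich")
    if end < 0 or end + 8 > len(data):
        return None
    key = struct.unpack_from("<I", data, end + 4)[0]
    start = data.find(struct.pack("<I", DANS ^ key), 0, end)
    if start < 0:
        return None
    entries = []
    for off in range(start + 16, end, 8):   # skip DanS and three padding dwords
        comp_id, count = struct.unpack_from("<II", data, off)
        entries.append((comp_id ^ key, count ^ key))
    computed = rich_checksum(data, start, entries)
    return {
        "stored_key": key,
        "computed_key": computed,
        "valid": key == computed,
        "entries": [(c >> 16, c & 0xFFFF, n) for c, n in entries],
    }


def build_sample(stub_text, entries):
    """Constructed input: a 0x80-byte DOS header and stub, then a Rich header."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x100)           # e_lfanew (constructed)
    dos[0x40:0x40 + len(stub_text)] = stub_text
    key = rich_checksum(dos, len(dos), entries)
    body = struct.pack("<4I", DANS ^ key, key, key, key)
    for comp_id, count in entries:
        body += struct.pack("<II", comp_id ^ key, count ^ key)
    return bytes(dos) + body + b"Rich" + struct.pack("<I", key)


def constructed_samples():
    """Return (genuine, forged): forged carries genuine's header on another stub."""
    donor_tools = [((0x0093 << 16) | 0x7809, 12), ((0x0091 << 16) | 0x7809, 1)]
    other_tools = [((0x00AB << 16) | 0x9D1B, 30), ((0x009D << 16) | 0x9D1B, 1)]
    genuine = build_sample(b"This program cannot be run in DOS mode.", donor_tools)
    other = build_sample(b"This program must be run under Win32", other_tools)
    forged = other[:0x80] + genuine[0x80:]   # header transplanted byte for byte
    return genuine, forged


if __name__ == "__main__":
    for name, blob in zip(("genuine", "forged"), constructed_samples()):
        info = check_rich(blob)
        print(name, "valid" if info["valid"] else "KEY MISMATCH", info["entries"])
```

A passing key only shows the header is consistent with the DOS stub it sits behind; analysts also compare the tools it lists against the rest of the binary.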
Next up, a researcher at FireEye had the novel idea that instead of looking at the malware itself, why not look at the delivery method for clues as to who the attacker was. In essence, what he did was take the infected attachment, look at its characteristics and try to match it to other malicious documents FireEye had. He noticed that the same method was used to attack multiple Ukrainian targets over the previous few months. But the real break was when he looked at the IP address that served up the malware and the domain name that hosted it, account-loginserve.com.
This domain was responsible for Russian hacking of the State Boards of Election in the 2016 US Presidential Election. But not only that, the US DoJ, in their indictment of GRU Unit 74455, created a link between the operations of Russian Intelligence and the work of Sandworm.
In an interview on Darknet Diaries, Jack Rhysider and Andy Greenberg do a fantastic job of breaking down the whole hack and it's a wild ride! And Andy's reporting and book is an invaluable source of information on anything related to Sandworm.
Exploit
To Exploit is to Collect against the adversary’s Movement of Data. This increases the data available for friendly Situation Assessment and makes the generation of friendly Information more efficient.
Col. Andrew Borden, USAF (Ret.); What is Information Warfare?
This definition troubles me. I am used to exploitation in cyber terms, but Information Warfare did not spawn from cyber, it came before cyber and comes from the murky world of intelligence. I have struggled to get my mind used to this concept as in some ways it makes absolute sense, but in others, the language used around it is so specific to militaries that it is nearly a different dialect. The first useful pseudo definition I found comes from a paper I found on the US military's Defence Technical Information Center;
Information technology is already tightly woven with our military operations, providing heretofore unimaginable amounts of information. Exploiting this information has provided us striking capabilities; relying on it inevitably creates potentially crippling vulnerabilities. This, coupled with advances in the ability to both locate and destroy command and control (C2) nodes makes C2, more than ever, a lucrative target set. History has shown successful militaries can achieve striking success through paralyzing the enemy's ability to exercise command and control.
Unknown US Air Force Author; Cornerstones of Information Warfare, pp 10
And the second I found comes from a supplemental document to JP-3-13 from the US Air Force on Information Operations;
Predictive Battlespace Awareness
Effective IO depends upon a successful PBA. As a maturing concept, PBA is “knowledge of the operational environment that allows the commander and staff to correctly anticipate future conditions, assess changing conditions, establish priorities, and exploit emerging opportunities while mitigating the impact of unexpected adversary actions" (Air Force Pamphlet 14-118).
Unknown US Air Force Author; Information operations, pp 41
From this, I gather that "Exploitation" in Information Warfare terms sits within the intelligence decision loop of Planning and Directing, Collection, Processing and Exploitation, Analysis and Production, Dissemination and Integration, and Evaluation and Feedback (pp 31-33), where Exploitation is the processing of gathered data on an adversary to allow for analysis to find a weakness. In the conventional world of cyber, in a decision loop such as the Cyber Kill Chain, Exploitation is the running of weaponised code on a victim's device. While they use the same terminology, they have different meanings.
From the perspective of conventional cyber thinking, it is better to look at exploitation as a step in the Reconnaissance phase of the Cyber Kill Chain, where it is more related to the research, identification and selection of targets from the processed return of data. If you think about it in terms of nmap returns, from the intelligence perspective, Processing and Exploitation is automated away in the background as data is collected, and you are then presented with data that can immediately be analysed rather than looking at the raw returns of the scan.
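That background step, as an added example rather than anything from the original post: raw grepable (`-oG`) nmap returns are processed into records and indexed by service, so an analyst reviewing their own network starts from a product instead of the raw scan. The scan text, hostnames and the priority list are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `nmap -oG` output. Addresses come from a documentation
# range and do not describe any real network.
RAW_SCAN = """\
# Nmap 7.80 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -oG - 192.0.2.0/28
Host: 192.0.2.1 (gw.example.test)\tStatus: Up
Host: 192.0.2.1 (gw.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 23/open/tcp//telnet//BusyBox telnetd/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.0.2.5 ()\tStatus: Up
Host: 192.0.2.5 ()\tPorts: 80/open/tcp//http//nginx 1.18.0/, 3389/open/tcp//ms-wbt-server///
Host: 192.0.2.9 (hmi.example.test)\tStatus: Up
Host: 192.0.2.9 (hmi.example.test)\tPorts: 502/open/tcp//modbus///, 80/open/tcp//http//lighttpd/
# Nmap done at Mon Jan  1 10:00:42 2024 -- 16 IP addresses (3 hosts up) scanned in 42.00 seconds
"""

# Services the reviewing analyst wants surfaced first (an assumption).
PRIORITY = ("telnet", "modbus", "ms-wbt-server")


def parse_grepable(raw):
    """Processing: turn raw -oG lines into one record per open port."""
    records = []
    for line in raw.splitlines():
        if not line.startswith("Host:"):
            continue                      # comments and blank lines
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue                      # status-only line
        addr, _, name = fields["Host"].partition(" ")
        for entry in fields["Ports"].split(", "):
            parts = entry.strip().split("/")
            if len(parts) < 7:
                continue                  # malformed port entry
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            if state != "open":
                continue
            records.append({
                "addr": addr,
                "name": name.strip("()"),
                "port": int(port),
                "proto": proto,
                "service": service or "unknown",
                "version": version,
            })
    return records


def build_product(records, priority=PRIORITY):
    """Exploitation in the intelligence sense: index records for analysis.

    Returns (service -> sorted endpoints, priority findings).
    """
    by_service = defaultdict(list)
    for r in records:
        by_service[r["service"]].append(f'{r["addr"]}:{r["port"]}')
    product = {svc: sorted(eps) for svc, eps in by_service.items()}
    flagged = sorted((svc, ep) for svc in priority for ep in product.get(svc, []))
    return product, flagged


if __name__ == "__main__":
    product, flagged = build_product(parse_grepable(RAW_SCAN))
    for svc in sorted(product):
        print(f"{svc:15} {', '.join(product[svc])}")
    print("review first:", flagged)
```
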
Large Electronic Signatures
A great example of how data could be exploited in the field is to take advantage of the large electronic emissions of modern battle formations. The use of radios, GPS and other space-based assets, and the growth of active and passive protection systems on land vehicles, which use a range of infrared and radar emitters to detect and defeat incoming projectiles, all give off signatures that can be detected and used against you. While these systems have an effective range, the electronic emissions can travel much further beyond their usable or effective range.
A great example of this happened in 2020 when the commander of the US 11th Armored Cavalry Regiment, Colonel Scott Woodward, chimed in on a discussion on Twitter about the efficacy of modern visible camouflage methods. While he did have ideas about how to use such systems effectively, he shared a much more interesting piece of information about the electronic signature of forces during a training exercise;
The systems that did the Processing and Exploitation of data were able to create the above image, which could be used by an analyst to determine the structure and size of a force and the best way to attack such a force. This is the information advantage I mentioned previously that the US is looking for in its doctrine. You may not be able to see the forces with the good aul Mk. 1 Eyeball or night vision goggles, but you don't need to when you can see them in other ways. This could be through the use of infrared emissions or, in this case, the electronic signature of the forces.
As Col Woodward went on to mention, this was a battalion strength force of between 300 and 1000 troops spread over an area that is roughly 6 km², judging from comparison with satellite imagery, and included the unit's support units, which he referred to as "trains". The opposing force he was fighting against was able to detect him at up to 12 km away from the electronic signatures his battalion emitted alone.
To give an example of the use of such information in combat, Russia has multiple systems currently in use that are capable of radio direction finding, which can give a commander a bearing to a target or a range within which the target is based. If they have enough MASINT about the emitting source, an analyst may also be able to gauge a distance to the target based on the signal strength. If an area can be narrowed down from doing this analysis on exploited information, a commander may be able to draw up a fire plan to deal with their enemy without their enemy knowing they are seen and in danger until the first shots are fired or the first bombs drop.
Deny
To Deny means to deny completely by a direct attack on the means of accomplishment. The use of a High Energy Laser to blind or destroy an electro-optic sensor is an example of denial by direct attack. Another example is a virus that destroys operating systems in a computer used to do Situation Assessment.
Col. Andrew Borden, USAF (Ret.); What is Information Warfare?
Suppression of Enemy Air Defenses (SEAD)
On the 20th of June 2019, the IRGC shot down an American RQ-4 Global Hawk drone that Iran contends violated Iranian airspace in the Strait of Hormuz. Iran used a سوم خرداد, or 3rd Khordad, sometimes called a Sevom Khordad, air defence missile system.
In response to this, POTUS ordered a mix of kinetic and non-kinetic fires against these systems, but called off the kinetic ones to keep things below the threshold of armed attack. The New York Times reported that multiple systems were targeted, and they mention an additional attack;
An additional breach, according to one person briefed on the operations, targeted other computer systems that control Iranian missile launches.
Julian E. Barnes and Thomas Gibbons-Neff; U.S. Carried Out Cyberattacks on Iran
It would appear that US Cyber Command carried out this attack and it was their first since they became a full combat command. Given that they were able to attack what appears to be the command and control computers of a battery, this is effectively the suppression of enemy air defences and done in a way that doesn't put Wild Weasel crews or aircraft at risk. It is unclear if the attack was against a single battery, multiple independent batteries or against a battalion of batteries though, which could have wide-ranging consequences if the battalion command and control vehicle's systems were targeted;
The C2 unit provides communication between Sevom Khordad batteries. Furthermore, the C2 unit can connect other air defense systems of the Raad family, including Raad and Tabas, into a single air defense network. This allows to cover large area and targets can be engaged with a wide range of missiles from the cheapest Taer-1 missiles to the most capable Taer-2s. This adds the capability of facing different types of threats with different types of interceptors. In case of heavy jamming when even the X-band engagement radar can’t handle its duty, the C2 unit can provide an additional data link, connecting the system to electro-optical engagement systems of Raad batteries, in order to guide missiles toward targets.
Ehsan Ostadrahimi; Sevom Khordad - Medium-range air defense missile system
NITROZEUS
NITROZEUS is a strategic cyber attack planned by the US in the event that Stuxnet failed, or that the Joint Comprehensive Plan of Action failed to be agreed and Israel decided that they were going to war with Iran. It was uncovered by documentarian Alex Gibney as part of the research for his documentary film about Stuxnet, Zero Days with subsequent reporting coming in not long after from Business Insider and the New York Times. Little is known about NITROZEUS beyond what these sources have reported.
What is known is that the program did exist and that it existed to give the POTUS options short of war. It was designed to use Information Warfare techniques to target the air defences, as was demonstrated by the Sevom Khordad attack above, possibly to give the US and Israel air control over Iran, but also to go a step further and target many civilian systems, most of which could be considered legitimate targets in the event of war;
I mean you've been focusing on Stuxnet. That was only a smaller part of a much larger Iranian mission. NITROZEUS. NZ. We spent hundreds of millions, maybe billions on it. In the event that the Israelis did attack Iran, we assumed we would be drawn into the conflict.
We built in attacks on Iran's command and control system so that the Iranians couldn't talk to each other in a fight. We infiltrated their IADS (Integrated Air Defense System), military air defence systems, so they couldn't shoot down our planes if we flew over.
We also went after their civilian support systems. Power grids, transportation, communications, financial systems. We were inside, waiting, watching, ready to disrupt, degrade and destroy those systems with cyber attacks. In comparison, Stuxnet was a back alley operation. NZ was the plan for a full scale Cyber War, with no attribution.
Testimony of several NSA and CIA members who worked on NITROZEUS; Zero Days documentary @ 01:45:20
While in any event this would have been an amazing success, strictly in military terms, and mimicked many of the ideas in Operation Desert Storm's air campaign, it would have been a modernised version of it, updated for the 21st century, using only cyber rather than stealth aircraft and electronic warfare. The impacts of these actions were not lost on the people who developed NITROZEUS, though, and some of them were not happy about the possible humanitarian impacts of the use of Information Warfare on such a huge scale;
Everyone I know is basically thrilled with the Iran deal. Sanctions and diplomacy worked. But behind that deal is a lot of confidence in our cyber capability. We were everywhere inside Iran, still are. I'm not going to tell you the operational details of what we can do going forward or where. But the science fiction cyber war scenario is here. That's NITROZEUS.
But my concern, and the reason that I'm talking, is that when you shut down a country's power grid, it doesn't just pop back up, it's more like humpty dumpty. If all the king's men can't turn the lights back on, or filter the water for weeks, then lots of people die. And something we can do to others, they can do to us too.
Is that something we should keep quiet? Or should we talk about it?
Testimony of several NSA and CIA members who worked on NITROZEUS; Zero Days documentary @ 01:49:50
This is probably the scenario most people think about when they think about "Cyber War" and it maybe best describes why Information Warfare and Cyber Warfare should be better-discussed topics in the light of day, rather than the shadows they reside in now. It presents strategic and possibly existential threats to states. Though I think this is better left to a case study I have an idea for later.
The Cyber-Physical Impact
The thing to understand about Information Warfare is that an idea like hacking, or the concept of Cyber, limits one's thinking to digital systems rather than the broader spectrum of systems that computers interact with, such as Operational Technology systems like valves, motors, solenoids etc., or the RF Spectrum. Computers control and interact with systems that do much more than the computer itself, as Bruce Schneier once pointed out;
As the chairman pointed out, there are now computers in everything. But I want to suggest another way of thinking about it in that everything is now a computer: This is not a phone. It’s a computer that makes phone calls. A refrigerator is a computer that keeps things cold. ATM machine is a computer with money inside. Your car is not a mechanical device with a computer. It’s a computer with four wheels and an engine…
Part of Bruce Schneier's testimony to the House of Representatives, Subcommittee on Communications and Technology, Joint with Subcommittee on Commerce, Manufacturing, and Trade, Committee on Energy and Commerce; Understanding the Role of Connected Devices in Recent Cyber Attacks, pp 27
In every aspect that I can conceive, or that has occurred previously, an Information Warfare technique has involved the meshing of some form of manipulating the inputs and outputs of a computer to achieve an objective. This could be the returns of a radar, the varying levels of Chlorine used to make clean drinking water or listening to RF outputs of systems to locate them in a physical place. This is where, at least in part, the future of combat lies, because when everything became computers, so computers became everything.
From the military perspective, this means that Information Warfare is a series of tactics, techniques and procedures that a commander can utilise in combat as either a form of fire to gain fire superiority, or as a toolkit for intelligence collection and processing to gain an Information Advantage over an adversary and use this advantage to make quicker and better decisions. Regardless of the way it is used, its targets will be information systems attacked so they can be used as force multipliers to accomplish missions.
The missions can vary from attacks on information systems like that of Stuxnet, malware that just attacked information systems to damage or destroy centrifuges at the Natanz Enrichment Complex in Iran, or it can be as I discussed earlier in this piece, attacks using planes doing bombing runs and strafing on fiber optic cable installations to prevent coordinated air defences over a country.
Acknowledgments
Cheers to Ben, the editor 😂, Jack, Sam and Tangui for their help on understanding Soviet artillery doctrine better, Jack again for his just generally amazing knowledge of military operations, Tyler, Dakota and Toby for helping me better understand the intelligence cycle and Zach for providing some sources I couldn't find elsewhere and finally to Zach again and Tinfoil for being great people to bounce ideas off of and help me better develop some of these ideas. A special thanks to Andrew, Toby and Issi for help in seeing through the fog of Dyslexia. And finally, a thanks to the many, many more Wonks for the discussions on the various cyber and information warfare aspects.