Platt Perspective on Business and Technology

Rethinking national security in a post-2016 US presidential election context: conflict and cyber-conflict in an age of social media 8

Posted in business and convergent technologies, social networking and business by Timothy Platt on March 10, 2018

This is my 8th installment to a new series on cyber risk and cyber conflict in a still emerging 21st century interactive online context, and in a ubiquitously social media connected context and when faced with a rapidly interconnecting internet of things among other disruptively new online innovations (see Ubiquitous Computing and Communications – everywhere all the time 2, postings 354 and loosely following for Parts 1-7.)

I focused in Part 7 on nation state players, and on how national governments and their agencies have been actively developing and live-fire testing offensive cyber-weapon capabilities. And I particularly stressed the significance of this real world testing for how it addresses uncertainties as to how or even whether completely new types of weapons would work if turned to in an active conflict. And I stress here, that such testing allows for weapons refinement. But more importantly, this type of validation increases the likelihood that such new technologies and their weaponized applications would actually be used. Testing use to validate, lowers the threshold of possibility and likelihood that new types of weapons will be used in more overt and open, large scale conflicts too.

I primarily focused on Russia and its activities in Part 7, for its recent activities in this arena. And I more briefly cited North Korean and United States activities in this too. Then at the end of that posting, and with those working examples in mind, I began addressing motivations: the more strategic level reasons and their underlying assumptions, that would both guide the weaponized development of cyber-capabilities and shape their likely use as such – and in both proof of principle test case application and in any actual larger-scale use that might follow that. And I begin addressing this complex of issues here, by offering three points of observation that I would suggest offer predictive value:

• The underlying assumptions that a potential cyber-weapon developer (and user) holds, shape their motivating rationale for developing (and perhaps actively deploying and using) these capabilities.
• The motivating rationales that are developed and promulgated out of that, both determine and prioritize how and where any new such weapons capabilities would be test used, and both in-house if you will, and in outwardly facing but operationally limited live fire tests.
• And any such outwardly facing and outwardly directed tests that do take place, can be used to map out and analyze both adversarial capability for the (here nation state) players who hold these resources, and map out the types of scenarios they would be most likely to use them in if they were to more widely deploy them in a more open-ended and large scale conflict.

Let me take that out of the abstract with a very real world example that goes back to before the advent of cyber-weapons per se. Japan actively started World War II in the Pacific theatre on December 7, 1941 with, among other military incursions its sneak attack on the US naval base at Pearl Harbor. The principle weapon deployed in this attack was a new variation of their Koku Gyorai, or Type 91 torpedo that could be launched from low-flying aircraft against ships – in this context, ships tied up in a particularly shallow harbor. And that is where this narrative dating to 1941 parallels the early 21st century threat theatre context that is more explicitly being considered here in this series.

Conventional aircraft launched torpedoes of the time, including earlier versions of the Type 91 torpedo, dove deep when first entering the water, to arc back up again to follow a track closer to the surface on the way to their targets. That might work and reliably so in deep open water, but Pearl Harbor was and still is a very shallow harbor, with little clearance between the hulls of ships that enter it, and the harbor bottom. Ships captains, or rather harbor pilots who have to navigate its waters to bring larger vessels in and out, have to follow the deeper water channel markers in the harbor with care there, to avoid grounding those vessels. So Japan’s older torpedo models that were in use up to then, and even older versions of their Type 91 torpedo itself, could not work in a place like Pearl Harbor as a source of threat or attack there. The Japanese found a more out of the way bay in their own territory that in many respects matched Pearl Harbor for its depth and that was large enough for their purposes, to test and refine a new shallow water torpedo design on. They never would have attempted using this new weapon design against enemy ships of a major potential adversary such as the United States and its navy, if they had not carefully tested it out and exhaustively so, to be sure that it could and would work as intended and not fail, leaving an enraged adversary militarily intact.

And with my above cyber-context bullet points in mind about assumptions, motivations and tests, I cite how events prior to December 7, 1941, including events that took place at Pearl Harbor itself, challenge the validity of claiming that the attack of that day was a complete surprise in principle, even if this particular attack was a surprise as a specific incident. There are a number of references that I could cite here in this respect but one that I find both concise and sufficiently inclusively detailed to explain and justify that is Gary Rethford’s piece: Pearl Harbor: a warning unheeded.

Japan felt hedged in and stymied, and with the United States in particular reaching out to deny it access to critical needs raw materials that it needed for its manufacturing base that it could not acquire except from foreign sources. And Japan was militarily expansionist with a dream that they were actively seeking to realize, of building a more extensive empire: their Greater East Asia Co-Prosperity Sphere. So in principle at least their basic assumptions and their motivations were known, and they in fact were even if not for their actionable implications by the planners who set policy and practice at Pearl Harbor in 1941. And specific proof of principle tests had been carried out and by the Japanese military, and even by US naval forces that showed Pearl Harbor’s vulnerabilities to aircraft carrier-based aerial attack. But no one in authority there saw, or even significantly gazed in the direction of the evidence that was mounting, that might suggest how Japan’s growing intent and its growing capabilities in this direction might be used, and in a large scale attack.

Hitler’s Germany tested their newly refurbished military and its industrial base in a “trial run” in Spain during its civil war, leading up to their full scale use of all of this in World War II in the European and African theatres and in the Middle East as well. Japan did its own tests too, and ones that went well beyond simply test firing some torpedoes in one of their own harbors. No one in authority saw the next-step implications of this while they were just that. And this brings me directly back to the test case incidents cited in Part 7 of this series, and my above noted bullet points.

• What vindicating lessons did Japan learn from its pre-Pearl Harbor attack that would justify its basic assumptions as being viable of support and action?
• What did they learn as to the feasibility of taking this war-commencing action, from their tests and from the evident blindness of the US government and its naval command to the risks it was facing?
• And now, what lessons have Russia, and I add North Korea and others learned from their cyber-weapons development programs and from their tests of these new capabilities?
• And what blindness will their assumptions in all of this, become evident in retrospect if these weapons are used again, and even just at the scale they have been used at up to now?

I offer this posting to highlight that the issues that I raise in this series are not just abstract and academic, or of only lower level and small-target concern. And with this note added to this developing narrative, I at least begin offering some thoughts as to how better to prepare and respond to the types of cyber-threats we see emerging around us. I will turn to that in my next installment to this series.

Meanwhile, you can find this and related postings and series at Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation. And you can also find this and related material at Social Networking and Business 2, and also see that directory’s Page 1.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: