Platt Perspective on Business and Technology

Rethinking national security in a post-2016 US presidential election context: conflict and cyber-conflict in an age of social media 13

Posted in business and convergent technologies, social networking and business by Timothy Platt on January 3, 2019

This is my 13th installment to a series on cyber risk and cyber conflict in a still emerging 21st century interactive online context, and in a ubiquitously social media connected context and when faced with a rapidly interconnecting internet of things among other disruptively new online innovations (see Ubiquitous Computing and Communications – everywhere all the time 2 and its Page 3 continuation, postings 354 and loosely following for Parts 1-12.)

I have been discussing a briefly stated list of topics points in this series in recent installments, that I repeat here as I turn to its third entry, and with a goal of more systematically exploring specific case in point examples:

1. I offered and then began expanding upon a basic if perhaps simplistic outline of a problem that we are all increasingly facing as new cyber technologies and new ways of using them, are turned to societally disruptive purposes, and in ways that are seemingly impossible to address proactively – leaving only more reactive, catch-up alternatives. That seeming impossibility of advancing cyber-security to a more proactive footing, has at least become an all but axiomatically assumed starting point for thought and action and for essentially all actively involved parties in this.
2. And I outlined an at least preliminary cartoon-formatted approach to addressing that challenge, which I have already indicated to be inadequate and certainly for moving past reactive responses, from how it limits consideration of the levels and types of organizational involvement that might be required.
3. And I have offered at least a brief list of working example case studies for discussion in this context. As a part of that, I have already raised and selectively discussed Stuxnet and its use in an attack against Iran’s nuclear weapons development program in Part 12, and have proposed discussing China’s and North Korea’s use of weaponized cyber-technology, as well as Russia’s growing use of this, and their reliance upon it as a means of muscled diplomacy. At the end of Part 12, I said that I would address Russia as a next example here, and I will do so, proceeding from there to more fully consider China and North Korea too. And I will also offer some thoughts as to the cyber-defense (and offense) systems that have been developed in the United States as well, and particularly in recent years. My goal in offering these case in point examples is to more fully analyze and discuss the precise nature of the basic problem faced here (as per Point 1 of this list), and ideally in operationally meaningful terms that would suggest better ways to deal with it (as called for in Point 2) – improving on the first-take cartoon remediation approach that I have offered up to here in this series, for doing so.

I begin discussing Russia’s development and deployment of weaponized cyber-capabilities, with a crucial point regarding the earlier, US and Israeli created and launched Stuxnet, as that has opened the door for all that has followed. The United States and Israel developed and used this weapon against a shared adversary in order to delay if not forestall Iran from developing a nuclear weapons capability that both nations saw as creating an existential threat, and certainly to Israel. This was their justifying reasoning, and I am not in fact going to argue against it as being unwarranted. Iran, and certainly the Iran of that time was virulently threateningly opposed to Israel, and I add to the United States and a number of other nations as well, that their zealot religious leadership saw as enemies of them and enemies of their conception of god. But as I noted in Part 12:

• Need and justification for pursuing and developing and even using cyber-weapons, is entirely in the eye of the beholder. And crucially importantly, that means that what is and is not sufficient justification to merit the development and use of these weapons capabilities, ultimately rests on the judgment of those who would seek to build and hold them. It rests in their hands – at least until after the fact if those weapons are in fact deployed and used. And it remains there unless and until such weapons are used and response to them would have to be mounted reactively. (Yes, there are some assumptions embedded in this bullet pointed assertion that I will return to later in this series, and not just when considering more proactive policy and action possibilities. But this approach as offered here, is pretty much our current reality and globally so as nations deal with other nations.)

Returning to the specific case in point example of Stuxnet from that more general point of consideration, the United States and Israel had what they saw as undeniably justifying reasons for developing and using weaponized software against another nation and they acted accordingly – through what turned out to be a short-term solution to what in fact was and is a long-term problem. And they in effect, opened Pandora’s box in doing so, and particularly as Russia, and I add here China and North Korea and others, have found their own justifications for following a parallel if not entirely similar path, and with the development and active use of Stuxnet as a source of justifying precedent.

Let’s start considering Russia’s and Vladimir Putin’s actions where weaponized cyber-capabilities are concerned, by at least briefly considering their reasoning as to how and why this would be both justified and even necessary for them. What shapes and drives their “sufficient justification” for this type of course of action? What is Vladimir Putin’s Russia’s counterpart to a perceived need to launch a Stuxnet attack against a threatening foreign power: a religiously extremist Iran with nuclear weapons, that would prompt and justify their taking the actions that they have?

• To put what follows in perspective here, as a working example that sheds light on more general principles, I note that it is going to be inherently impossible to step ahead of unfolding events and address cyber-threats proactively if you only focus on what adversaries and potential adversaries do. If you do that, you wait until they have already at least in large part completed developing the weaponized cyber-capabilities that they might deploy against you, your allies or both.
• Proactive here, fundamentally requires an ongoing proactive effort to understand the reasoning and motivation that might lead an adversary or potential adversary to pursue cyber-weapons technologies and their use in the first place.
• If you know what concerns and fears drive them, this can and will offer you insight into their likely perceived threat-response doctrines and their more likely approaches taken for fulfilling them.
• And I add in this context that cyber-weapons are among the most appealing options faced where an adversary or potential adversary sees a genuine need for either an at least short-term stealthy weapon that they can plausibly deny having launched,
• Or a need for a weapons capability that would benefit them in an asymmetric conflict where their enemies might be able to launch highly damaging or even devastating retaliatory attacks against them in a more conventional conflict scenario.

I begin addressing Russia and its current development and use of cyber-weapons by at least briefly discussing something of their Why for that course. What are the existential-threat justifications and reasoning for pursuing and using a cyber-warfare capability, as Russia’s leadership and in fact most their general population have generally seen matters?

I begin addressing that question by raising a point of observation that I have at least touched upon in earlier postings to this blog: Russia’s long-standing fear of foreign aggression and invasion has been one of their driving forces behind their approach to other nations, and their diplomatic and other actions taken with regard to them and for centuries.

A perceived ongoing threat to their territorial integrity and to their nation from invasion has been a guiding consideration, and one of more than just historical interest in Russia, and from well before the advent of Communism, and its attempted fulfillment in a Soviet Union era Russia. More specifically, and to add an historical marker to this narrative here, this policy and practice-shaping fear did not begin with Communist Russia’s creation of the Warsaw Pact as an Eastern European buffer zone, to slow down or even block any possible repetition of the carnage from the West that the Soviet Union experienced during World War II, from Nazi Germany’s invasion of much of the Western half of their nation, with their Operation Barbarossa.

Russia has all but axiomatically assumed that would-be foreign invaders are just over the horizon, if not already visibly present and facing them, and for centuries from before the reign of Peter the Great (sole ruler of all of Russia from 1682 to his death in 1725).

The earliest such incursions, and certainly the earliest long-term, highly impactful ones that are generally noted in the historical records, date from the 9th to 11th centuries with invasions of what is now Kiev and its surrounding territories by Varangian Vikings. These incursions have been followed by a long succession of territorial conquests, or at least would-be conquests that have taken control of tracts of Russian soil, and for some of them for extended periods of time.

Consider, for example:

• TheMongol invasions in the 1200s,
• The Swedish invasion of Russian territory as carried out under the rule of their king, Charles XII,
Poland’s recurring invasions of Russian territory with Boleslaw I’s “intervention” of 1018 while Vikings were already invading and controlling parts of Russia, the Polish-Muscovite War of 1605-1618, and the Polish-Soviet War of 1919-1920. These three events only constitute more notably impactful incursions out of what is in fact a longer list of possible entries here, involving Polish incursion.
• And the Ottoman invasions of Russia of the 16th through 18th centuries.

These conflicts and more, as pressed upon Russia from the outside, come immediately to mind, as does the Napoleonic Invasion of Russia of 1812. And Nazi Germany’s invasion as noted above, has seared this ongoing source of concern into the minds and hearts of Russians everywhere, for the near annihilation of most all of Western Russia, and its agricultural base and food supply there and its basic infrastructure in all of its forms and functions throughout that vast region of Russia, and with that damage leading all the way east to the gates of Moscow itself, and with Russia as a whole facing some 27 million fatalities from that war.

All of this goes a long way towards explaining why Russia has traditionally acted in a manner that the people of most other nations would see as aggressive. From a behavioral science perspective, much of their active response in all of this, and both as reactive response and from when they have been able to mount anticipatory preemptive responses, has been shaped by the ongoing lessons of their history. And much if not most of this has taken forms that can perhaps best be called defensive aggression, or defensive agonistic behavior if you prefer a more general term. And my above-offered list of invasion events only skims the surface for the externally inflicted conflict that Russia has historically faced, only noting some of the historically larger, better known of such events here in this narrative that would inform and shape Russia’s ongoing and current policy and practices.

I am going to continue this narrative in a next series installment, where I will discuss Vladimir Putin and how he has turned this long-held Russian perspective to his own purposes as he advances his own ambitions. And in the course of that, I will at least briefly outline some of the high points for how Putin’s Russia has turned to cyber-weapons and their use, in order to advance Russian national causes and his own. In anticipation of that discussion to come, this will mean my discussing how the approaches developed and used in that ongoing effort, have their roots in the underling motivating drives – the prime driver for them that I have been addressing here of threat and fear of invasion definitely included. And I will add to that policy and action shaping motivator, at least a brief discussion of modern post-Communist Russia’s and post-Communist Vladimir Putin’s understandings of the perceived existential threats that they face, and the opportunities that they face too and how these shaping forces interrelate. Then, as promised above, I will turn to consider China and North Korea and their current cyber-policies and practices, and current and evolving cyber-policies and practices as they are taking shape in the United States as well, as shaped by its war on terror among other motivating considerations.

My goal in all of that is to use these case study examples to more fully explore and discuss the issues raised in topics Points 1 and 2 from the above list, and with a goal of offering at least a perspective on resolving the challenges that they offer as above-written.

Meanwhile, you can find this and related postings and series at Ubiquitous Computing and Communications – everywhere all the time 3, and at Page 1 and Page 2 of that directory. And you can also find this and related material at Social Networking and Business 2, and also see that directory’s Page 1.

One Response

Subscribe to comments with RSS.

  1. Alan Singer said, on January 3, 2019 at 7:06 am

    Remember the lesson of War Games. Make Facebook play Tic-Tac-Toe.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: