Platt Perspective on Business and Technology

Rethinking national security in a post-2016 US presidential election context: conflict and cyber-conflict in an age of social media 15

This is my 15th installment to a series on cyber risk and cyber conflict in a still emerging 21st century interactive online context, and in a ubiquitously social media connected context and when faced with a rapidly interconnecting internet of things among other disruptively new online innovations (see Ubiquitous Computing and Communications – everywhere all the time 2 and its Page 3 continuation, postings 354 and loosely following for Parts 1-14.)

My goal for this installment is to reframe what I have been offering up to here in this series, and certainly in its most recent postings up to now. And I begin that by offering a very specific and historically validated point of observation (that I admit up-front will have a faulty assumption built into it, that I will raise and discuss later on in this posting):

• It can be easily and cogently argued that the single greatest mistake that the civilian and military leadership of a nation can make, when confronting and preparing for possible future challenge and conflict,
• Is to simply think along familiar lines with that leading to their acting according to what is already comfortable and known – thinking through and preparing to fight a next war as if it would only be a repeat of the last one that their nation faced
• And no matter how long ago that happened, and regardless of whatever geopolitical change and technological advancement might have taken place since then.
• Strategic and tactical doctrine and the logistics and other “behind the lines” support systems that would enable them, all come to be set as if in stone: and in stone that was created the last time around in the crucible of their last conflict. And this has been the basic, default pattern followed by most and throughout history.
• This extended cautionary note applies in a more conventional military context where anticipatory preparation for proactively addressing threats is attempted, and when reactive responses to those threats are found necessary too. But the points raised here are just as cogently relevant in a cyber-conflict context too, or in a mixed cyber plus conventional context (as Russia has so recently deployed in the Ukraine as its leadership has sought to restore something of its old Soviet era protective buffer zone around the motherland if nothing else.)
• History shows more leaders and more nations that in retrospect have been unprepared for what is to come, than it does those who were ready to more actively consider and prepare for emerging new threats and new challenges, and in new ways.
• Think of the above as representing in outline, a strategic doctrine that is based on what should be more of a widening of the range and scope of what is considered possible, and the range and scope of how new possibilities might have to be addressed, but that by its very nature cannot be up to that task.

To take that out of the abstract, consider a very real world example of how the challenges I have just discussed, arise and play out.

• World War I with its reliance on pre-mechanized tactics and strategies, with its mass frontal assault charges and its horse cavalry among other “trusted traditions,” and with its reliance on trench warfare to set and hold front lines and territory in all of that:
• Traditions that had led to horrific loss of life even in less technologically enabled previous wars such as the United States Civil War,
• Arguably led to millions of what should have been completely avoidable casualties as foot soldiers faced walls of machinegun fire and tanks, aircraft bombardment and aerial machinegun attack and even poison gas attacks as they sought to prevail through long-outmoded military practice.

And to stress a key point that I have been addressing here, I would argue that cyber attacks and both as standalone initiatives and as elements in more complex offensives, hold potential for causing massive harm and to all sides involved in them too. And proactively seeking to understand and prepare for what might come next there, can be just as important as comparable preparation is in a more conventional warfare-oriented context. Think World War I if nothing else there, as a cautionary note example of the possible consequences in a cyber-theatre of conflict, of making the mistakes outlined in the above bullet pointed preparation and response doctrine.

Looking back at this series as developed up to here, and through its more recent installments in particular, I freely admit that I have been offering what might be an appearance of taking a more reactive and hindsight-oriented perspective here. And the possibility of confusion there on the part of a reader begins in its Part 1 from the event-specific wording of its title, and with the apparent focus on a single now historical event that that conveys. But my actual overall intention here is in fact more forward thinking and proactively so, than retrospective and historical-narrative in nature.

That noted, I have taken an at least somewhat historical approach to what I have written in this series up to here and even as I have offered a few more general thoughts and considerations here too. But from this point on I will offer an explicitly dual narrative:

• My plan is to initially offer a “what has happened”, historically framed outline of at least a key set of factors and considerations that have led us to our current situation. That will largely follow the pattern that I have been pursuing here and certainly as I have discussed Russia as a source of working examples in all of this.
• Then I will offer a more open perspective that is grounded in that example but not constrained by it, for how we might better prepare for the new and disruptively novel and proactively so where possible, but with a better reactive response where that proves necessary too.

My goal in that will not be to second guess the decisions and actions of others, back in 2016 and leading up to it or from then until now as of this writing. And it is not to offer suggestions as to how to better prepare for a next 2016-style cyber-attack per se and certainly not as a repeat of an old conflict, somehow writ new. To clarify that with a specific in the news, current detail example, Russian operatives and others who were effectively operating under their control for this, hacked Facebook leading up to the 2016 US presidential and congressional elections, using armies of robo-Facebook members: artifactual platforms for posting false content, that were set up to appear as coming from real people and from real American citizens in particular. Facebook has supposedly tightened its systems to better identify and delete such fake, manipulative accounts and their online disinformation campaigns. And with that noted, I cite:

In Ukraine, Russia Tests a New Facebook Tactic in Election Tampering.

Yes, this new approach (as somewhat belatedly noted above) is an arms race advancement meant to circumvent the changes made at Facebook as they have attempted to limit or prevent how their platform can be used as a weaponized capability by Russia and others as part of concerted cyber attacks. No, I am not writing here of simply evolutionary next step work-arounds or similar more predictable advances in cyber-weapon capabilities of this type, when writing of the need to move beyond simply preparing for a next conflict as if it would just be a variation on the last one fought.

That noted, I add that yes, I do expect that the social media based disinformation campaigns will be repeated as an ongoing means of cyber-attack, and both in old and in new forms. But fundamentally new threats will be developed and deployed too that will not fit the patterns of anything that has come before. So my goal here is to take what might be learnable lessons from history: recent history and current events included, combined with a consideration of changes that have taken place in what can be done in advancing conflicts, and in trends in what is now emerging as new possibilities there, to at least briefly consider next possible conflicts and next possible contexts that they might have to play out in. My goal for this series as a whole is to discuss Proactive as a process and even as a strategic doctrine, and in a way that at least hopefully would positively contribute to the national security dialog and offer a measure of value moving forward in general.

With all of that noted as a reframing of my recent installments to this series at the very least, I turn back to its Part 14 and how I ended it, and with a goal of continuing its background history narrative as what might be considered to be a step one analysis.

I wrote in Part 13 and again in Part 14 of Russia’s past as a source of the fears and concerns, that drive and shape that nation’s basic approaches as to how it deals with other peoples and other nations. And I wrote in that, of how basic axiomatic assumptions that Russia and its peoples and government have derived from that history, shape their basic geopolitical policy and their military doctrine for now and moving forward too. Then at the end of Part 14 I said that I would continue its narrative here by discussing Vladimir Putin and his story. And I added that that is where I will of necessity also discuss the 45th president of the United States: Donald Trump and his relationship with Russia’s leadership in general and with Putin in particular. And in anticipation of this dual narrative to come, that will mean my discussing Russia’s cyber-attacks and the 2016 US presidential election, among other events. Then, as just promised here, I will step back to consider more general patterns and possible transferable insights.

Then I will turn to consider China and North Korea and their current cyber-policies and practices. And I will also discuss current and evolving cyber-policies and practices as they are taking shape in the United States as well, as shaped by its war on terror among other motivating considerations. I will use these case studies to flesh out the proactive paradigm that I would at least begin to outline here as a goal of this series. And I will use those real world examples at least in part to in effect reality check that paradigmatic approach too, as I preliminarily offer it here.

And with that, I turn back to the very start of this posting, and to the basic orienting text that I begin all of the installments to this series with. I have consistently begun these postings by citing “cyber risk and cyber conflict in a still emerging 21st century interactive online context, and in a ubiquitously social media connected context and when faced with a rapidly interconnecting internet of things among other disruptively new online innovations. To point out an obvious example, I have made note of the internet of things 15 times now in this way, but I have yet to discuss it at all up to here in the lines of discussion that I have been offering. I do not even mention artificial intelligence-driven cyber-weaponization there in that first paragraph opening text, where that is in fact one of the largest and most complex sources of new threats that have ever been faced and at any time in history. And its very range and scope, and its rate of disruptively new development advancement will probably make it the single largest categorical source of weaponized threat that we will all face in this 21st century, and certainly as a source of weaponized capabilities that will be actively used. I will discuss these and related threat sources when considering the new and unexpected and as I elaborate on the above noted proactive doctrine that I offer here.

And as a final thought here, I turn back to my bullet pointed first take outline of that possible proactive doctrine, to identify and address the faulty assumption that I said I would build into it, and certainly as stated above. And I do so by adding one more bullet point to that initial list of them:

• I have just presented and discussed a failure to consider the New when preparing for possible future conflict, and its consequences. And I prefaced that advisory note by acknowledging that I would build a massive blind spot built into what I would offer there. I have written all of the above strictly in terms of nations and their leaders and decision makers. That might be valid in a more conventional military sense but it is not and cannot be considered so in anything like a cyber-conflict setting, and for either thinking about or dealing with aggressors, or thinking about and protecting, or remediating harm to victims. Yes, nations can and do develop, deploy and use cyber-weapon capabilities, and other nations can be and have been their intended targets. But this is an approach that smaller organizations and even just skilled and dedicated individuals can acquire, if not develop on their own. And it is a capability that can be used against targets of any scale of organization from individuals on up. That can mean attacks against specific journalists, or political enemies, or competing business executives or employees. It can mean attacks against organizations of any size or type, including nonprofits and political parties, small or large businesses and more. And on a larger than national scale, this can mean explicit attack against international alliances such as the European Union. Remember, Russian operatives have been credited with sewing disinformation in Great Britain leading up to its initial Brexit referendum vote, to try to break that country away from the European Union and at least partly disrupt it. And they have arguably succeeded there. (See for example, Brexit Goes Back to Square One as Parliament Rejects May’s Plan a Third Time.)

If I were to summarize and I add generalize this first draft, last (for now) bullet point addition to this draft doctrine, I would add:

• New and the disruptively new in particular, break automatically presumed, unconsidered “axiomatic truths,” rendering them invalid moving forward. This can mean New breaking and invalidating assumptions as to where threats might come from and where they might be directed, as touched upon here in this posting. But more importantly, this can mean the breaking and invalidating of assumptions that we hold to be so basic that we are fundamentally unaware of them in our planning – until they are proven to be wrong in an active attack and as a new but very real threat is realized in action. (Remember, as a conventional military historical example of that, how “everyone” knew that aircraft launched anti- ship torpedoes could not be effectively deployed and used in shallow waters as found in places such as Pearl Harbor – until, that is they were.)

And with that, I will offer a book recommendation that I will be citing in upcoming installments to this series, adding it here in anticipation of doing so for anyone interested:

• Kello, L. (2017) The Virtual Weapon and International Order. Yale University Press.

Meanwhile, you can find this and related postings and series at Ubiquitous Computing and Communications – everywhere all the time 3, and at Page 1 and Page 2 of that directory. And you can also find this and related material at Social Networking and Business 2, and also see that directory’s Page 1.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: