Monday, July 04, 2011

quick thought on cyberwarfare

one of the topics that keeps coming up in discussions of cyberwarfare is 'attribution'. that ability to know where an attack came from, who's responsible for it, etc. it keeps coming up because many of us recognize that it's very difficult to do with attacks in cyberspace.

this is a source of confusion for many because our model of warfare involves things like deterrence, counter attack, and appropriate response. without attribution these things aren't possible.

cyberattacks are often likened to missiles or other kinetic warfare weapons where attribution is a much more straightforward process - i think the confusion is rooted in this comparison. instead of thinking about overt warfare, cyberwarfare would be better likened to covert warfare - black ops, wet works, that sort of thing. there is no meaningful attribution with these sort of warfare and so there is no meaningful deterrence or response to such attacks. it is an area of warfare where there is attack without counter attack, where one attacks simply because it is strategically advantageous.

don't picture these so-called cyberweapons as being like electronic missiles that anyone can launch simply by pressing a button, that gives entirely the wrong sort of character to the topic. if you must consider them cyberweapons at all (ie. if you must focus on the tool instead of the attack itself) think of them as guns with silencers on them. or better yet, think of them as knives, used with surgical precision and giving away no clue to those in the vicinity where the attack came from.