IP warfare vs. cyber warfare: One of these things is not like the other

Reading selil’s series on cyber warfare, this passage was striking:

Cyber warfare is conflict on the terrain of cyber space not on the Internet. As discussed in other sections the Internet is not the “all”. The global information grid inclusive of people through kinetic responses winding through the different communications technologies and mediums make up this inclusive cyber space. It is big.

Following this line of argument, in a previous foray (Maritime Strategy and Cyber Warfare) into cyber warfare, I overly identified cyber warfare with Internet Protocol (IP) warfare. Using selil’s broader definition, cyber warfare, involves any control infrastructure that can be subverted in ways that are contrary to the will of the control infrastructure’s de jure governing power. IP warfare involves any control system that can be subverted over and through TCP/IP. To reduce cyber warfare to IP warfare is like reducing warfare at sea to warfare in the Mediterranean Sea. Sure, a lot of naval warfare has been waged in the Mediterranean but it’s been waged in a lot of other places too.

Much of J.C. Wylie’s discussion of strategy in Military Strategy still applies to the broader field of cyber warfare, especially Wylie’s assertion that “The aim of war is some measure of control over the enemy“ along with his broader definition of strategy:

The primary aim of the strategist in the conduct of war is some selected degree of control of the enemy for the strategist’s own purpose; this is achieved by control of the pattern of war; and this control of the pattern of war is had by manipulation of the center of gravity of war to the advantage of the strategist and the disadvantage of the opponent.

The successful strategist is the one who controls the nature and the placement and the timing and the weight of the centers of gravity of war, and who exploits the resulting control of the pattern of war toward his own ends.

Some broader principles of cyber warfare might be:

  1. The primary goal is some measure of control over the enemy’s control infrastructure.
  2. The harvest reaped from achieving this control will be reaped in “meatspace“.
  3. To do this, access to their control infrastructure must be sought and maintained.
  4. Access will be through a variety of mediums, from people subverted by social engineering to direct network access.

As the goal is control, the levels of control that can be sought and achieved can be defined following the Unix permission model:

  1. Read: the power to extract knowledge from control infrastructure.
  2. Write: the power to modify the knowledge stored within control infrastructure.
  3. Execute: the power to control granted by control of control infrastructure.

These lead to six sub-levels of control, three negative and three positive. The negative and defensive sub-levels are:

  1. Prevent the enemy from extracting knowledge from your control infrastructure.
  2. Prevent the enemy from modifying the knowledge stored within your control infrastructure.
  3. Prevent the enemy from controlling you through control of your control infrastructure.

The positive and offensive sub-levels are:

  1. Get knowledge from the enemy’s control infrastructure.
  2. Modify the knowledge within the enemy’s control infrastructure.
  3. Control the enemy through control of their control infrastructure.

The goal of control is varied. It can be to spy, to deceive, to hurt, to disrupt, or to destroy. But, ultimately, the goal of control, as selil points out, is realizing something in meatspace.