Cyber WHAT? (part 1 of 2)

This is part one of a two part series on cyber space, cyber war and other concepts. 

Tune in to just about any AM radio talk show or Sunday morning news program and you are likely to hear the terms “cyber war,” “cyber terrorism,” and “cyber vandalism” bandied about in tones of grave solemnity, depicting some obscure but imminent danger that threatens our nation, our corporate enterprises, or even our own personal liberties. Stroll through the halls of a vendor expo at a security conference, and you will hear the same terms in the same tones, only here they are used to frighten you into believing your information is unsafe without the numerous products or services available for purchase.

The industry lacks a rubric of clear and standardized definitions of what constitutes cyber war, cyber terrorism, cyber espionage and cyber vandalism. Because of this, it’s becoming increasingly difficult for those of us in the profession to cut through the noise and truly understand risk. For example, on one hand, we have politicians and pundits declaring that the US is at cyber war with North Korea, and on the other hand we have President Obama saying the Sony hack was vandalism. Who’s right?

The issue is exacerbated by the fact that such terms are often used interchangeably and without much regard to their real-world equivalents.

This objective of this article is to find and provide a common language to help security managers wade through the politicking and marketing hype and get to what really matters.

The state of this wide world always has been and always will be one of constant conflict, and technological progress has extended this contention from the physical realm into the network of interconnected telecommunications equipment known as cyberspace. If one thinks of private-sector firms, government institutions, the military, criminals, terrorists, vandals and spies as actors, cyberspace is their theater of operations. Each of these actors may have varying goals, but they are all interwoven, operating within the same medium. What separates these actors and accounts for the different definitions in the “cyber” terms are their ideologies, objectives, and methods.

The best way to forge an understanding of the differences in terms is to look at the conventional definitions of certain words and simply apply them to cyberspace. For example, traditional, kinetic warfare has a clear definition that is difficult to dispute: a conflict between two or more governments or militaries that includes death, property destruction and collateral damage as an objective. Cyber warfare, therefore, uses the same principles of goals, actors and methods that one can examine against a cyber attack to ascertain the gravity of the situation.

Let’s examine two of the most common phrases used, “cyberspace” and “cyber attack” and get to the root of what they really mean.

Cyberspace & Cyber Attacks

The realm in which all of this takes place is cyberspace, and as previously stated, can be thought of as a theater of operation.

The Department of Defense defines cyberspace as:

A domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures.

A good analogy to help people understand cyberspace is to draw a parallel to your physical space. You are a person and you are somewhere; perhaps an office, house or at the car wash reading this on your iPhone. This is your environment, your space. You have objects around you that you interact with: a car, a sofa, a TV, a building. You are an actor in this space and there are other actors around you; most have good intentions, and some have bad intentions. At any point someone in this environment can act against you or act against an object in the environment.

Cyberspace is essentially the same: it is an environment in which you operate. Instead of physically “being” somewhere, you are using computing equipment to interact over a network and connect to other resources that give you information. Instead of “objects,” like a car or a sofa, you have email, web sites, games and databases.

And just like real life, most people you interact with are benign but some are malicious. In the physical space, a vandal can pick up a spray paint can and tag your car. In cyberspace, a vandal can replace your website’s home page with a web defacement. This is called a cyber attack and the vandal is a cyber vandal.

The graphic below illustrates the overall cyberspace environment, threat actors and possible targets. To help you conceptualize this, think about the same paradigm, but in a physical space. Take away the word “cyber” and you have warriors, terrorists, vandals and spies that attack targets.

Tony Martin-Vegue

The actual attack may look the same or similar coming from different threat actors, but goals, ideology and motivation is what sets them apart.

An excellent definition of an attack that occurs in cyberspace comes from James Clapper, Director of National Intelligence:

A non-kinetic offensive operation intended to create physical effects or to manipulate, disrupt, or delete data.

This definition is intentionally very broad. It does not attempt to attribute political ideologies, motivations, resources, affiliations or objectives. It simply states the characteristics and outcome.

Cyber attacks of varying degrees of destruction occur daily from a variety of actors and for many different reasons, but some high-profile attacks are the recent rash of retail data breaches, the Sony Pictures Entertainment hack, website vandalism and distributed denial-of-service (DDoS) attacks.

The groundwork is set for what is a cyber attack and the environment, cyberspace, in which they are launched and experienced by the victim. This is the first step in dispelling myths to truly understand risk and what is possible (and not possible) when it comes to protecting your firm and the nation.

Part two of the series examines four very different terms that are often used interchangeably: cyber war, cyber terrorism, cyber vandalism and cyber espionage.

What do you think? Let’s continue the conversation below or over on Twitter, @tdmv.