Cyber War Blitzkrieg

Cyber War, Blitzkrieg, and John Boyd’s Patterns of Conflict

 

David A. Shunk
Col, USAF, Ret.
25 September 2008

[Editor’s note: Dave Shunk is a retired USAF Colonel, B-52G pilot, and Desert Storm combat veteran whose last military assignment was as the B-2 Vice Wing Commander of the 509th Bomb Wing, Whiteman AFB, MO. Currently he is an Army government civilian working in the Army Capabilities Integration Center (ARCIC) Initiatives Group, Fort Monroe, VA.]

“Be quiet, friend Sancho,” said Don Quixote. “Such are the fortunes of war, which more than any other are subject to constant change.”

Cervantes, Don Quixote

Our successes are tremendous and it looks to me inevitable that the other side will soon collapse. We never imagined war in the west would be like this.

Major General Rommel, Commander 7th Panzer Division,
quoted in To Lose a Battle, France 1940, Alistair Horne, p. 625

Cyber War Recent Events:

In the first two weeks of August 2008 speculation on the potential of cyber warfare went from theory to reality. The Russian land, sea and air offensive combined with cyber attacks on Georgian government, Georgian civilian websites and mobile cell phones presented the first combined forces cyber war.

The results were as desired – denial of use of the Georgian governmental network of web sites and the two non-governmental sites, Interpress and Civic Georgia, which are the main source for news. For the first two days of the offensive mobile phones were almost impossible to use. (Analysis: Georgia vs. Russia Cyberwar, Shaun Waterman, Middle East Times, 11 August 2008)

Is cyber war similar to blitzkrieg as defined by John Boyd in the classic Patterns of Conflict presentation? Are we missing a new critical offensive strategy/technology? Time to explore…

First, Cyber War Basics:

  1. Cyberspace provides a fulcrum to leverage physical attacks by disrupting/delaying/hindering U.S. response
  2. Anything we can do in Cyberspace can be done to us cheaper and faster
  3. Vulnerabilities are open to the world, available to anyone, anywhere, with the capability and intent to exploit them
  4. Cyberspace provides the means for organized attacks on our infrastructure, from a distance, at the speed of light

(From the presentation, A Warfighting Domain by Dr Lani Kass, AF Cyberspace Task Force, 26 Sep 2006)

Why obtain an offensive cyber capability?

2006 National Military Strategy for Cyberspace Operations: As a warfighting domain … cyberspace favors the offense. Offensive capabilities in cyberspace offer both the US and our adversaries an opportunity to gain and maintain the initiative. (Kass, op. cit.)

Cyber warfare, today, the offensive

Cyberwarfare is a form of open source warfare over the Internet fought by groups of civilians for reasons of nationalism, revenge, and (worst of all) fun. It’s messy, chaotic, and nearly impossible to control. The benefits of an open source cyber war include:

  • Deniability. Offensive operations by government computers/personnel against a target nation are an act of war. Actions by civilian vigilantes are not and can be disowned. An inability to point to an offending organization can make blame difficult to affix: note the speed at which the US tech press was willing to deny a Russian cyberwar against Estonia.
  • A huge talent pool. Rather than spend money on training a limited number of uniformed personnel (likely poorly), it’s possible to draw on a talent pool of hundreds of thousands of participants (from hackers to IT professionals to cybercriminals). Given the rapid decay/turnover in skills, high rates of innovation, high compensation, and the value of real-world expertise, the best people for cyberwarfare don’t work (nor will they ever) in the government. The best you can do is rent/entice them for a while.
  • Access to the best Resources/Weaponry. The best tools for cyberwarfare are developed in the cybercriminal community. They have vast and rapidly growing capabilities: a plethora of botnets, worms, compromised computers within target networks, identity information, etc. Further, these capabilities are cheap to rent.
  • “Cyber Espionage”: Cyber espionage is the act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies for military, political, or economic advantage using illegal exploitation methods on the internet, networks, software and/or computers.
  • Web vandalism: Attacks that deface web pages, or denial-of-service attacks. This is normally swiftly combated and of little harm.
  • Propaganda: Political messages can be spread through or to anyone with access to the internet.
  • Gathering data: Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world.
  • Distributed Denial-of-Service Attacks: Large numbers of computers in one country launch a denial-of-service attack against systems in another country.
  • Equipment disruption: Military activities that use computers and satellites for co-ordination are at risk from this type of attack. Orders and communications can be intercepted or replaced, putting soldiers at risk.
  • Attacking critical infrastructure: Power, water, fuel, communications, commercial and transportation are all vulnerable to a cyber attack.
  • Compromised Counterfeit Hardware: Common hardware used in computers and networks that has malicious software hidden inside the software, firmware or even the microprocessors.

(From: Open Source Warfare, Cyber War, John Robb, 15 Aug 2008)

Now the Blitzkrieg Basics

Blitzkrieg as potential – not as a collection of weapon systems:

Essence of Blitzkrieg

Employ a …maneuver philosophy to generate ambiguity, realize deception, exploit superior mobility, and focus violence as basis to quickly:

(1) Create many opportunities to penetrate weaknesses in the form of any moral or mental inadequacies as well as any gaps or exposed flanks that open into adversary’s vulnerable rear and interior, hence-

(2) Create and exploit opportunities to repeatedly penetrate adversary organism, at all levels (tactical, grand tactical, and strategic) and in many ways, in order to splinter, envelop, and roll-up/wipe-out isolated remnants, thereby generate confusion and disorder, hence-

(3) Create and exploit opportunities to disrupt his system for communication, command, and support, as well as undermine or seize those connections or centers that he depends upon, thus shake his will or capacity to decisively commit his back-up echelons, operational reserves, and/or strategic reserves, thereby magnify adversary’s confusion and disorder and convince him to give up.

Intent

Create grand tactical success then exploit and expand it into strategic success for a decisive victory.

Implication

Blitzers, by being able to infiltrate or penetrate or get inside adversary’s system, generate many moral-mental-physical non-cooperative (or isolated) centers of gravity, as well as undermine or seize those centers of gravity adversary depends upon, in order to magnify friction, produce paralysis, and bring about adversary collapse. (Patterns of Conflict, Colonel John Boyd, slide 87)

Analysis

Cyber warfare is a close kin of blitzkrieg in the sense that they intend the same or similar effects on the systems they both attack. In the above statements on blitzkrieg one can freely substitute the word “cyber war” and the intent and function remain the same. The blitzkrieg essence now becomes the cyber war essence – penetrate the system, generate confusion beyond what the system is able to handle, and exploit the opportunities created. The blitzkrieg and cyber war analogy follows into the implication:

Implication

Blitzers (or Cybers), by being able to infiltrate or penetrate or get inside adversary’s system, generate many moral-mental-physical non-cooperative (or isolated) centers of gravity, as well as undermine or seize those centers of gravity adversary depends upon, in order to magnify friction, produce paralysis, and bring about adversary collapse.  (Patterns of Conflict, Colonel John Boyd, slide 87)

Should cyber war be renamed cyberkrieg?

Colonel Boyd summed up blitzkrieg (cyber war?) as:

Present many (fast breaking) simultaneous and sequential happenings to generate confusion and disorder-thereby stretch-out time for adversary to respond in a directed fashion.

Multiply opportunities, to uncover, create, and penetrate gaps, exposed flanks, and vulnerable rears.

Create and multiply opportunities to splinter organism and envelop disconnected remnants thereby dismember adversary thru the tactical, grand tactical, and strategic levels.   (Patterns of Conflict, Colonel John Boyd, slide 86)

Conclusions

Two Choices: Our armed forces need to develop offensive cyber war strategy/technology. After World War I France and Germany had the same opportunity to grasp the infiltration tactics that worked so well in World War I and combine that with a new leading edge technology – tank offensive warfare. France and Germany chose different paths:

  1. France: Maginot line – defensive warfare – long lines of immobile forts – similar to computer defenses today (such as firewalls)
  2. Germany: adopted the quick strike, many optioned maneuver oriented offensive warfare known as blitzkrieg.

In their book Military Misfortunes: The Anatomy of Failure in War, the authors Eliot Cohen and John Gooch identify three basic sorts of military-operations failures:

  1. Failure to anticipate
  2. Failure to learn
  3. Failure to adapt

Failure to anticipate is the inability to foresee and take appropriate measures to deal with a problem. Failure to learn suggests an inability to gain understanding and experience. Failure to adapt is the inability to react or cope with unfolding events.

The combination of any two leads to “aggregate failure” and the combination of all three leads to “catastrophic failure.”

Without developing cyber war offensive capabilities we have failed to anticipate, learn and adapt.

Consider the Russian cyber attack in Georgia a warning.

Of all the attitudes struck by the French High Command …, none today seems more incomprehensible than its apparent refusal to take cognizance of the lessons of the Polish campaign. Nothing that had happened to the unhappy Poles made France in any way alter her basic doctrine of war, review the training techniques of combat echelons, or consider possible German offensive plans against her in the light of the strategy that had succeeded so admirably against Poland. (From Horne, To Lose a Battle, France 1940, p. 165)


One Response to “Cyber War Blitzkrieg”

  1. rmhitchenson 29 Sep 2008 at 1:59 pm 1

    The key cyberwar “basic” in your view seems to be #3– “Vulnerabilities are open to the world, available to anyone, anywhere, with the capability and intent to exploit them.” Well, forsan, non forsan. I seem to be having this same argument with cyber Chicken Littles for years. It sure seems to me that if this was true, we would have seen dramatic instances of these vulnerabilities being exploited. What seems most striking to me is that this is exactly what we haven’t seen. Way back in 1997, during the famous and oft-cited DOD exercise “Eligible Receiver,” claims were made that red team hackers could have paralyzed power grids in major cities; in actuality, these penetrations were simulated on DOD computer networks not subject to outside inspection. Not long ago the CIA announced that a couple of major cities had in fact seen their power grids penetrated by cyber terrorists, but the Agency declined to offer specifics as to where and when. “Sources and methods,” “need to know,” and all that. You understand, just take our word for it.

    Really, hyping the threat doesn’t do anyone any good. It breeds overreaction, which is what got us into Iraq and why we have to take off our shoes at airports. I’ve been tracking SCADA hacking incidents for a while, and as far as I can tell, the most destructive ones seem to have involved shutting off the lights at the Worcester (MA) airport, causing a sewage flood on Australia’s “Sunshine Coast,” interfering with traffic lights at four busy intersections in Los Angeles, and a brief disruption of the streetcar control system in Lodz, Poland. Maybe I’ve missed a few, and I would certainly welcome a corrective followup from someone who believes this threat needs to be taken as seriously as, say, the revolution in military affairs that facilitated the Blitzkrieg.