“Cyberwar is not a thing. We’re not going to bother about it,” said Bangkok-based hacker and cyber analyst The Grugq during this week’s Disclosure cybersecurity conference.
“What’s more interesting for us is understanding cyber craft, [which is] the application and use of cyber power, and the ways that cyber warfare gets used as a element as a component of cyber craft,” he said.
The kind of cyberwar The Grugq has in mind here is the kind of massive coordinated cyber attack that’s been dubbed “cyber Pearl Harbor”, or even as Australian analyst Greg Austin now puts it, a cyber blitzkrieg.
As Austin told ZDNet last year, “We’re really talking the plans by states to attack each other with multi-wave, multi-vector destructive cyber attacks across the entire civil and military infrastructure of the enemy.”
The Grugq doesn’t think that’s the right conceptual framework, however.
“A lot of the cyberwar theorists, the guys who are wrong, they believe that pretty much the only thing that cyber brought to the table was that it gave you strategic surprise,” he said.
That thinking comes from an “unconscious desire to pick battles where America lost the battle, but won the war,” he said.
“[In World War Two], the Japanese attacked and got us good, but we got them in the end.
“Wars end. And what we’re going into, what we’re experiencing now, is a sort of constant cyber conflict, and there’s not really a reason for it to stop.
“So it’s not cyber war. But cyber warfare, on the other hand, is actually very useful to think about.”
Cyber craft works ‘really, really well’ at the strategic layer
The Grugq’s presentation offered a framework for thinking about cyber conflict between nations in ways that move beyond the military.
“Cyber power means that you do things in cyber, and it impacts outside of cyber, and it can do this across all of the instruments of power,” he said.
This power spectrum is sometimes described as DIME: diplomatic, informational, military, and economic. Sometimes it’s PEST: politics, economy, socio-cultural, and technology.
“These are the ways that states can basically use their power. These are the levers available to them,” he said.
“Our thinking [about using cyber power] has to be sophisticated enough to include all four layers of war as we understand them.”
Those layers are the political, where the broad decisions get made; the strategic, where specific objectives are set to achieve; the operational, which comprises a series of tasks and means to achieve those strategic objectives; and the tactical, where the detailed grunt work gets done.
“The thing about cyber craft is it works really, really well as a strategic layer,” he said.
In some ways, The Grugq’s comments echo those of major general Marcus Thompson, head of the Australian Army’s Information Warfare Division, though the wording is different.
“Despite the fact that my job title is head of information warfare, and I talk a lot about cyber warfare, there’s actually no such thing. There’s just warfare,” Thompson said during a cyber hypothetical at the Australian Defence Force Academy last year.
“Any response that the government might choose to make that involves the military could occur using any capabilities that the military has available,” he said.
“A military response would be one of any number of options, or could be part of a suite of options.”
50 million K-pop fans are a force to be reckoned with
Cyber power isn’t just about nation-state conflicts either. “There’s a lot of non-states which have more cyber power than states do,” The Grugq said.
His example is K-pop band BTS, with a fan base numbering 40 to 50 million globally. They’re devoted, they’re online, and many of them will participate in political action when they’re directed.
BTS fans weaponised their social media presence during the Black Lives Matter protests. But K-pop has always been political, and it’s a phenomenon that foreign policy analysts are watching.
“These people are going to be operating in cyberspace,” The Grugq said.
“They already are. And I think that’s awesome. But it also means cyber power now belongs to a K-pop band.”
How Huawei and ZTE seized the 5G cyber high ground
Nation-states pay a lot of attention to potential cyber attacks against critical national infrastructure, with electricity grids being the most commonly cited example. The Grugq says that “critical cyber infrastructure” is more important, however.
“Critical national infrastructure basically just provide subsistence. It’s the utilities, it’s the transport, it’s groceries, all of those things that keep the body alive,” he said.
But critical cyber infrastructure is where society and indeed the nation as a coherent entity actually exist. Culture, business, finance, law, family, community, education — and of course, politics and strategy and every other kind of organisation.
“All of this critical cyber infrastructure, the places where society exists and where these complex functions of society exist, these make up the cyber terrain.” The Grugq said.
“Cyber terrain is very useful in the sense that once you control the terrain, you can, for example, have a home field advantage.”
The Grugq’s historical example is from World War One.
Transatlantic telegraph cables ran through the UK, so when Germany needed to talk to Mexico about a potential military alliance, the Brits had visibility. This then led to the interception of the so-called Zimmermann Telegram, which in turn, partially led to the US entering the war.
The Grugq’s contemporary example is China’s dominance of 5G technology.
China has recognised 5G as a strategic advantage to them, he said, so they have made sure they dominate the protocol design meetings.
“They would flood every session with more engineers and more people than anyone else,” The Grugq said.
“As a result, their people from Huawei and ZTE were the ones that roughly designed 5G, and have a lot of patents, and have the experience, and have been doing the test, and built everything,” he said.
“So Huawei, due to a strategic decision early on, now provides access to cyber terrain.”
The same applies to smartphone hardware. Broadly speaking, you’ve got a choice between Apple and Android.
The same applies to the platforms where people communicate. TikTok is fighting back against a US government ban, and WeChat is an enormously effective tool of influence.
“The most interesting and most useful one is Zoom,” The Grugq said. “Strategically they’re everywhere,” including business meetings and academia.
“Zoom, of course, is a Chinese company, making, it one of the most important communications companies that is not owned by the US or by a US entity.”
To those, your correspondent would add Facebook and Google dropping plans for an underwater cable to Hong Kong after security warnings, and Facebook countering Australian government plans to make companies pay to link to news stories by threatening a ban of news being shared on its platform.
These platforms have plenty of cyber power, and they’ve certainly seized the high ground of the cyber terrain.
ACSC releases new cyber threat report
Which brings us to Australia.
On Friday, the defence minister, Senator Linda Reynolds, launched the latest annual cyber threat report from the Australian Cyber Security Centre.
It’s the first such unclassified threat report since the Australian Cyber Security Centre (ACSC) became part of the Australian Signals Directorate in 2018. Reports were previously produced in 2015, 2016, and 2017.
“We’re now facing an environment where cyber-enabled activities have the potential to drive disinformation, and also directly support interference in our economy, interference in our political system, and also in what we see as critical infrastructure,” Reynolds said.
“This type of activity really does blur what we previously understood to be peace and war, which is what we call that grey zone in between.”
While not naming China as one of the “sophisticated and very well-resourced state-based actors” involved, Reynolds did say that the threat has increased further since Prime Minister Scott Morrison warned of continued cyber attacks in June.
As your correspondent noted at the time, the steady increase in such attacks isn’t anything new.
Disclosure: Stilgherrian travelled to the Australian Defence Force Academy as a guest of UNSW Canberra Cyber.