Workshop Background Introduction and Background: About one year ago, the Cyber Conflict Studies Association (CCSA) was formed by a group of senior cyber defense colleagues representing industry, government, and academia. The driving force behind the CCSA was recognition that the shared military/civilian infrastructure, by virtue of its complexity, interconnectivity, and reliance on information technology (IT), is becoming increasingly vulnerable to large-scale cyber attacks. Cyber tools capable of disrupting networks are not difficult to obtain, and most experts recognize that cyber conflict is the work not only of script kiddies, hackers, and hostile nation-states, but also of non-state/transnational actors, who may operate in conjunction with other forces such as organized crime. The objectives of these new threat agents may not only be web defacements, embarrassment, fraud, and business related espionage, but also political disinformation, economic and communication chaos, and disruption of military and homeland defense operations. The impact of cyber conflicts on our complex infrastructure is unpredictable, in part because of a lack of good analytical tools and models. Enterprise designs, highly interactive mobile code, and critical reliance on network centric communications are relatively new phenomena, and their development objectives are innovation, performance, and profit, not cyber security. The nation’s approach to infrastructure and information protection has focused on the physical protection of resources. Security is usually limited to redundancy of systems, backup of data drives, or some other hardware-specific solution. The cost of protecting human life and the value of structures and equipment are linked to well-established processes; risk analysis, insurance values, and manufacturing techniques that managers, engineers, financiers, and policy makers know and understand. Quantifying the costs of loss, disruption, and changes to information carried by the infrastructure is a much more abstract activity. Government efforts to foster a better understanding of cyber networks that are owned mostly by private entities were pushed into the background as a result of the September 11th attacks on the World Trade Center and the Pentagon. Since then, the emphasis has been on protecting and screening physical assets or personnel, and cyber policy has reverted to concentrating on intelligence collection, attack identification, and protecting against known vulnerabilities. In an environment where the nation’s military, government, and private sector openly tout their dependence on network centric enterprises, the risks of cyber warfare must be addressed from a futuristic perspective. To fill this apparent void, the CCSA determined that a cyber conflict framework must be established that defines and bounds the problem and assesses how serious cyber conflict could be as a coercive factor. The CCSA proposes creation of a workspace for a social-technical dialogue that addresses, at a minimum, the following questions:
Addressing cyber conflict issues is a formidable task. It is unclear whether traditional, linear problem solving and domain-centered techniques can adequately address these complex and interconnected issues. An interdisciplinary approach is needed to understand the likely technical, operational, economic, and social impact of a cyber attack on critical, shared infrastructures. One CCSA goal is to understand and foster the establishment of effective teams and their methodologies. This requires education of leaders in the field of cyber conflict and development of metrics of the effectiveness of cyber studies. These metrics will provide the analytic data necessary to influence policy and research and product development. The concept for the complexity workshop series was formed jointly by
the CCSA and CTNSP. CTNSP has been addressing issues of information assurance
as they relate to military transformation and homeland infrastructure
protection and saw workshops on cyber conflict as a means to improve understanding
and establish a dialogue on cyber security. The workshop leads were Col
(S) Gregory Rattray, Ph.D., a founding member of the CCSA, and Marie Stella,
a CCSA member and Federal Aviation Administration employee on detail to
CTNSP to address cyber security issues. Mr. Michael Schrage, co-director
of the MIT Media Lab's E€Markets initiative, also volunteered his
time to help plan and moderate the workshops. Schrage has written and
consulted extensively on the design and diffusion of digital technology
and its effects on business relationships. His expertise in developing
collaborative workspace and his ongoing work on the role of prototypes,
simulations, and games as media for innovation, were critical to the success
of the workshop effort to date.
|
||||